Exam AZ-104 topic 2 question 66 discussion

https://www.examtopics.com/discussions/microsoft/view/57784-exam-az-500-topic-2-question-58-discussion/ i found similar questions in other page

Role3: Role1 and Azure subscription Roles only. Role4: Role2 only Explanation: There's a difference between Built-in AD roles and Built-in Subscription roles. **Built-in AD roles can't be cloned, but built-in subscription roles can be. Custom roles of either type can be cloned.** To clone the Bulit-in subscription Role, you open the subscription or the Resource group where you want to create the custom role and assign the permissions --> Go to Access Control (IAM) --> Roles tab --> Search for the subscription Role then clone it from the three dots in the right of the role. Reference: https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal

From Azure AD roles: "You can clone the baseline permissions from a custom role but you can't clone a built-in role." https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-create So the question is kind of ambiguous, in the end what you want to clones are the permissions of the role, in that case the answer provided is correct, if you take it literally (as i would do) then it should be "Role 2 only"

https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-create

WRONG Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only

Not sure if I am the only one being confused by the correct answer discussed here. Role3: Role1 and built-in Azure subscription roles only To create an Azure subscription role, you can clone existing Azure subscription roles Role1. it is a valid template. Built-in Azure subscription roles can also be used. But not neccessary cloning BOTH. So correct anwser should Role3: Role1 only Role4: Role2 only

In other exam, i always answered custom role of azure + builtin, and custom role for entra id, but i found out is wrong on azure side, try it on your own! I created a custom role, even 2 days ago, then on IAM i search it and click on "Clone role". This role wasn't clonable, i could even find it on the search manually. So the answer is: Azure can copy only from built-in Azure Role, so is the second one. For Azure AD ( Entra ID ), you can copy only from custom role, so is the first one

For Role3, you should select: Role1 and built-in Azure subscription roles only For Role4, you should select: Role2 and built-in Azure AD roles only

Final Answer: Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only

Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only Explanation: You cannot clone built-in Azure AD role

Role3: Role1 and built-in subscription roles only Role4: Role2 only

Thanks. Answer should be Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only Explanation: You cannot clone built-in Azure AD role I've done Scenraio and it's true that role 3 = role 1 + azure ad role role 4 = role 2

Built-in AD roles can't be cloned, but built-in subscription roles can be. Custom roles of either type can be cloned.

I have tested this in lab. Role4 can be cloned only from Role2. When I try to create a new AD role, it's giving only one option 'Clone from a custom role'.

Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only https://www.youtube.com/watch?v=qbnuwEohUbo&list=PLlKA5U_Yqgof3H0YWhzvarFixW9QLTr4S&index=46

Role3: Role1 and built-in Azure subscription roles only Role4: Role2 only

There is a difference between Azure Roles and Azure AD Roles. Their "cloning" rules are not the same. While you can clone an in-built Azure role, you CANNOT clone in-built Azure AD role. When creating a custom role in Azure AD, you can either choose a custom role already created OR start from scratch. So for 2nd, Answer should be Role2 only.