A - Wrong - Hybrid Identity Admin cannot create managed identities. Permissions are: Can manage AD to Azure AD cloud provisioning, Azure AD Connect, Pass-through Authentication (PTA), Password hash synchronization (PHS), Seamless Single sign-on (Seamless SSO), and federation settings.
B - wrong - Managed Identity Operator cannot create managed identities. Permissions are: Read and Assign User Assigned Identity.
C - correct: Managed Identity Contributor can Create, Read, Update, and Delete User Assigned Identity.
D - incorrect - can create users, but does not follow the principle of least privilege, as the permission set is comprehensive. User administrator can manage all aspects of users and groups.
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
C. Create a resource group and assign User1 to the Managed Identity Contributor role.
Explanation:
Managed Identity Contributor Role: This role allows the user to manage managed identities, including creating and deleting them, within the scope of the assigned resource group. It provides the necessary permissions without granting excessive access.
Principle of Least Privilege: By assigning the Managed Identity Contributor role at the resource group level, you ensure that User1 has the minimum permissions required to perform the task, reducing the risk of unnecessary access to other resources.
B. Create a management group and assign User1 the Managed Identity Operator role.
The Managed Identity Operator role provides the necessary permissions for managing managed identities within Azure, while following the principle of least privilege. This role allows the user to create, update, and delete managed identities without granting broader permissions than necessary.
C is the answer.
https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp#create-a-user-assigned-managed-identity
To create a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.
C. Create a resource group and assign User1 to the Managed Identity Contributor role.
upvoted 4 times
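The role comparison debated in the comments above can be checked mechanically. This is an added example, not code from the thread or from Microsoft: it evaluates Azure RBAC action and notAction patterns against the action needed to create a user-assigned identity. The action lists are abridged and transcribed for this example (an assumption to verify against the built-in roles reference linked above), and the broad Contributor role is included only as a least-privilege contrast.

```python
import re

# Abridged action lists, transcribed for this example (assumption: verify
# against the built-in roles reference before relying on them).
ROLES = {
    "Managed Identity Contributor": {
        "actions": [
            "Microsoft.ManagedIdentity/userAssignedIdentities/read",
            "Microsoft.ManagedIdentity/userAssignedIdentities/write",
            "Microsoft.ManagedIdentity/userAssignedIdentities/delete",
            "Microsoft.Authorization/*/read",
        ],
    },
    "Managed Identity Operator": {
        "actions": [
            "Microsoft.ManagedIdentity/userAssignedIdentities/*/read",
            "Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
            "Microsoft.Authorization/*/read",
        ],
    },
    "Contributor": {  # broad role, shown only for contrast
        "actions": ["*"],
        "notActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    },
}

CREATE_IDENTITY = "Microsoft.ManagedIdentity/userAssignedIdentities/write"


def _matches(pattern, action):
    # '*' matches any run of characters; comparison is case-insensitive.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def allows(role_name, action):
    """Effective permission: matches an action and matches no notAction."""
    role = ROLES[role_name]
    granted = any(_matches(p, action) for p in role["actions"])
    excluded = any(_matches(p, action) for p in role.get("notActions", []))
    return granted and not excluded


def roles_allowing(action):
    return sorted(name for name in ROLES if allows(name, action))
```

Calling `roles_allowing(CREATE_IDENTITY)` lists the roles that can create the identity; comparing what else each of those roles allows shows which one is the narrowest fit.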
Seelearndo - Highly Voted, 1 year, 9 months ago
waqqy - Most Recent, 3 months ago
alfaAzure - 1 year, 2 months ago
Austin6488 - 6 months, 3 weeks ago
Strifelife - 1 year, 3 months ago
zellck - 1 year, 5 months ago
majstor86 - 1 year, 7 months ago