nerdexam
ExamsAZ-104Questions#578
MicrosoftMicrosoft

AZ-104 · Question #578

AZ-104 Question #578: Real Exam Question with Answer & Explanation

The first statement is correct because signing in to virtual machines involves data plane operations (like Microsoft.Compute/virtualMachines/login/action), which must be defined in the 'dataActions' section of a custom role - not in the 'actions' section which covers control plan

Submitted by alyssa_d· Mar 4, 2026Manage identity and access - specifically creating and managing Azure custom role-based access control (RBAC) roles, understanding the structure of role definitions including actions, dataActions, and assignableScopes (AZ-104 / AZ-500)

Question

Hotspot Question You configure the custom role shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Answer:

Explanation

The first statement is correct because signing in to virtual machines involves data plane operations (like Microsoft.Compute/virtualMachines/login/action), which must be defined in the 'dataActions' section of a custom role - not in the 'actions' section which covers control plane operations. The second statement is correct because the 'assignableScopes' section defines where a role can be assigned; to restrict the role to only RG1, you would specify that resource group's full resource ID (e.g., /subscriptions/{subId}/resourceGroups/RG1) in the assignableScopes array, replacing or narrowing any broader scope like a subscription.

Topics

#Azure RBAC#Custom Roles#dataActions#assignableScopes

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full AZ-104 PracticeBrowse All AZ-104 Questions