AZ-305 Question #305: Real Exam Question with Answer & Explanation

Submitted by marco_it · Mar 6, 2026

Manage identity and access - specifically implementing and managing Azure Role-Based Access Control (RBAC), understanding role inheritance through management groups and subscriptions, and distinguishing between roles that include access management permissions (Owner, User Access Administrator) versus those that do not (Contributor).

Question

Hotspot Question

You have an Azure AD tenant that contains a management group named MG1.

You have the Azure subscriptions shown in the following table.

The subscriptions contain the resource groups shown in the following table.

The subscription contains the Azure AD security groups shown in the following table.

The subscription contains the user accounts shown in the following table.

You perform the following actions:

- Assign User3 the Contributor role for Sub1.
- Assign Group1 the Virtual Machine Contributor role for MG1.
- Assign Group3 the Contributor role for the Tenant Root Group.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

User3 is assigned the Contributor role for Sub1, which grants broad permissions across all resource groups within Sub1, including RG2. The Contributor role allows creating and managing all types of Azure resources, including storage accounts, so User3 can create a storage account in RG2 (Yes). User1's ability to create VMs in RG1 depends on their group memberships - if User1 is not in Group1 (which has VM Contributor on MG1) or Group3 (which has Contributor on Tenant Root Group), and has no direct role on RG1 or its parent subscription, they lack permissions (No). User2 cannot grant permissions to Group2 because granting permissions requires the Owner role or User Access Administrator role - the Contributor role (which might apply to User2 via Group3) explicitly excludes the ability to manage access/permissions in Azure RBAC (No).
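The evaluation logic behind this explanation can be modelled in a few lines. The following is an added example, not part of the original question: the scope hierarchy, the group memberships and the user `UserA` are constructed assumptions (the question's tables are not reproduced on this page), and the role definitions are trimmed to the Actions and NotActions that matter here.

```python
from fnmatch import fnmatchcase

# Trimmed built-in role definitions: (Actions, NotActions). The real roles list more entries.
ROLES = {
    "Contributor": (["*"], ["Microsoft.Authorization/*/Write",
                            "Microsoft.Authorization/*/Delete"]),
    "Virtual Machine Contributor": (["Microsoft.Compute/virtualMachines/*"], []),
}

# Constructed scope hierarchy (child -> parent); an assumption, not the page's tables.
PARENT = {"RG1": "Sub1", "RG2": "Sub1", "Sub1": "MG1", "MG1": "TenantRoot"}

# Constructed group memberships (assumption); UserA is a hypothetical user.
MEMBERS = {"Group1": {"UserA"}, "Group3": {"User2"}}

# The three assignments from the question: (principal, role, scope).
ASSIGNMENTS = [
    ("User3", "Contributor", "Sub1"),
    ("Group1", "Virtual Machine Contributor", "MG1"),
    ("Group3", "Contributor", "TenantRoot"),
]

def scope_chain(scope):
    """Yield the scope and every ancestor; assignments at any of them apply."""
    while scope:
        yield scope
        scope = PARENT.get(scope)

def matches(patterns, action):
    # Azure action strings are compared case-insensitively; * is a wildcard.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def is_allowed(user, action, scope):
    """True if an inherited assignment grants the action and that role's NotActions do not exclude it."""
    principals = {user} | {g for g, m in MEMBERS.items() if user in m}
    chain = set(scope_chain(scope))
    for principal, role, at in ASSIGNMENTS:
        if principal in principals and at in chain:
            actions, not_actions = ROLES[role]
            if matches(actions, action) and not matches(not_actions, action):
                return True
    return False

CREATE_STORAGE = "Microsoft.Storage/storageAccounts/write"
CREATE_VM = "Microsoft.Compute/virtualMachines/write"
ASSIGN_ROLE = "Microsoft.Authorization/roleAssignments/write"
```

NotActions are subtracted per role rather than acting as a deny, which is why a second assignment such as Owner or User Access Administrator would still let a Contributor manage access.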

Topics

#Azure RBAC · #Role Assignments · #Management Groups · #Azure AD Security Groups
