AZ-500 Question #18: Real Exam Question with Answer & Explanation

Question

Your company plans to create separate subscriptions for each department. Each subscription will be associated to the same Azure Active Directory (Azure AD) tenant. You need to configure each subscription to have the same role assignments. What should you use?

Options

• AAzure Security Center
• BAzure Blueprints
• CAzure AD Privileged Identity Management (PIM)
• DAzure Policy

Explanation

Azure Blueprints for Consistent Role Assignments

Azure Blueprints (B) is correct because it allows you to define a repeatable set of Azure resources, policies, and role assignments that can be applied consistently across multiple subscriptions within the same Azure AD tenant - making it ideal for enforcing governance standards at scale.

Why the distractors are wrong:

• Azure Security Center (A) focuses on threat protection and security posture management, not on deploying or replicating role assignments across subscriptions.
• Azure AD PIM (C) manages just-in-time privileged access and approval workflows for existing roles - it doesn't configure or replicate role assignments across subscriptions.
• Azure Policy (D) enforces resource compliance rules (e.g., allowed regions, SKUs), but it cannot directly assign roles or replicate RBAC configurations across subscriptions.

Memory Tip: Think of Blueprints = architectural plans - just like a building blueprint ensures every floor is built the same way, Azure Blueprints ensures every subscription is configured with the same roles, policies, and resources. If the exam mentions consistent configurations across multiple subscriptions, Blueprints is almost always the answer.

No community discussion yet for this question.