SC-300 · Question #207
SC-300 Question #207: Real Exam Question with Answer & Explanation
The correct answer is E: User1, Group1, VM1, and App1. Explanation Option E is correct because Azure RBAC (Role-Based Access Control) allows you to assign roles to all four identity types: users (User1), groups (Group1), virtual machines with managed identities (VM1), and service principals/applications (App1) - any of these can be g
Question
You have the Azure resources shown in the following table. To which identities can you assign the Contributor role for RG1?
Options
- AUser1 only
- BUser1 and Group1 only
- CUser1 and VM1 only
- DUser1, VM1, and App1 only
- EUser1, Group1, VM1, and App1
Explanation
Explanation
Option E is correct because Azure RBAC (Role-Based Access Control) allows you to assign roles to all four identity types: users (User1), groups (Group1), virtual machines with managed identities (VM1), and service principals/applications (App1) - any of these can be granted the Contributor role on a resource group like RG1.
Options A, B, C, and D are all incorrect because they arbitrarily exclude one or more valid identity types; Azure does not restrict role assignments to only human user accounts or subsets of identity types - any recognized security principal in Azure AD/Entra ID is eligible for role assignment.
The key concept here is understanding what constitutes a security principal in Azure: it includes users, groups, service principals (apps/enterprise applications), and managed identities (like the system-assigned or user-assigned identity on a VM).
🧠 Memory Tip: Remember the acronym "UGMS" - Users, Groups, Managed Identities, Service Principals. If any Azure exam question asks "who can be assigned a role?", the answer is almost always all identity types listed, not just human users. When in doubt, choose the most inclusive option.
Topics
Community Discussion
No community discussion yet for this question.