SC-300 Question #265: Real Exam Question with Answer & Explanation

Submitted by luis.pe · Mar 6, 2026

Manage Azure identities and governance - specifically managing access control using Azure Role-Based Access Control (RBAC) and understanding the scope and constraints of managed identity assignments to Azure resources.

Question

Hotspot Question

You have an Azure subscription that contains the resources shown in the following table.

The subscription contains the virtual machines shown in the following table.

Which identities can be assigned the Owner role for RG1, and to which virtual machines can you assign Managed2? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

In Azure RBAC, user-assigned and system-assigned managed identities, user accounts, and service principals can all be assigned roles such as Owner on resource groups. Managed identities are treated as security principals in Azure AD, making Managed1, Managed2, VM1, and VM2 (as Azure AD objects/users) all eligible for Owner role assignment on RG1.

For managed identity assignment to VMs, a user-assigned managed identity (like Managed2) can only be assigned to VMs within the same region and subscription. If Managed2 is in a specific region, it can only be attached to VMs in that same region, which determines whether VM1 and/or VM2 are eligible.

Topics

#Managed Identities #Azure RBAC #Role Assignments #Azure Virtual Machines
