SC-300 · Question #98
SC-300 Question #98: Real Exam Question with Answer & Explanation
This question tests knowledge of Azure RBAC custom role definitions and which specific resource provider permissions correspond to Azure Container Apps management and adaptive network hardening enforcement.
Question
Hotspot Question

You have an Azure subscription. You need to create two custom roles named Role1 and Role2. The solution must meet the following requirements:

- Users that are assigned Role1 can create or delete instances of Azure Container Apps.
- Users that are assigned Role2 can enforce adaptive network hardening rules.

Which resource provider permissions are required for each role? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.
Explanation
Approach. Role1, which allows creating or deleting Azure Container Apps instances, requires the 'Microsoft.App/containerApps/write' and 'Microsoft.App/containerApps/delete' permissions under the Microsoft.App resource provider. Role2, which allows enforcing adaptive network hardening rules, requires the 'Microsoft.Security/adaptiveNetworkHardenings/enforce/action' permission under the Microsoft.Security resource provider. Adaptive Network Hardening is a feature of Microsoft Defender for Cloud (formerly Azure Security Center), so all its permissions fall under the Microsoft.Security namespace. Knowing that Container Apps uses the 'Microsoft.App' provider and Security Center features use 'Microsoft.Security' is essential for constructing valid custom roles.
Concept tested. Azure RBAC custom role definitions: mapping business requirements to specific resource provider permission strings, specifically Microsoft.App/containerApps/* for Container Apps lifecycle management and Microsoft.Security/adaptiveNetworkHardenings/enforce/action for Defender for Cloud adaptive network hardening enforcement.
Reference. https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations - lists all Azure resource provider operations including Microsoft.App and Microsoft.Security namespaces.
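Added example (not part of the original question or of Microsoft's documentation): the two roles written in the JSON shape that `az role definition create` accepts, with a small least-privilege check that models effective permissions as Actions minus NotActions with `*` wildcard matching. The subscription ID is a placeholder, the helper names are hypothetical, and the matcher is a simplified model of Azure RBAC evaluation; it also shows that the wildcard form `Microsoft.App/containerApps/*` grants `read` in addition to `write` and `delete`.

```python
import re

SCOPE = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription ID
CA = "Microsoft.App/containerApps"
ENFORCE = "Microsoft.Security/adaptiveNetworkHardenings/enforce/action"

def make_role(name, actions):
    """Custom role definition in the JSON shape accepted by `az role definition create`."""
    return {"Name": name, "IsCustom": True, "Description": f"{name} (constructed sample)",
            "Actions": actions, "NotActions": [], "DataActions": [],
            "NotDataActions": [], "AssignableScopes": [SCOPE]}

ROLE1 = make_role("Role1", [f"{CA}/write", f"{CA}/delete"])
ROLE2 = make_role("Role2", [ENFORCE])
ROLE1_WILDCARD = make_role("Role1-wildcard", [f"{CA}/*"])  # wildcard form, for comparison

def _matches(pattern, operation):
    """'*' in a permission string matches any run of characters; case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def is_granted(role, operation):
    """Effective control-plane permissions are Actions minus NotActions."""
    allowed = any(_matches(p, operation) for p in role["Actions"])
    excluded = any(_matches(p, operation) for p in role["NotActions"])
    return allowed and not excluded

def audit(role, required, probes):
    """Return (required operations the role lacks, probe operations it grants beyond them)."""
    missing = [op for op in required if not is_granted(role, op)]
    excess = [op for op in probes if op not in required and is_granted(role, op)]
    return missing, excess

# Operations checked against each role (constructed probe list).
PROBES = [f"{CA}/read", f"{CA}/write", f"{CA}/delete", ENFORCE]

if __name__ == "__main__":
    for role, required in [(ROLE1, ROLE1["Actions"]), (ROLE1_WILDCARD, ROLE1["Actions"]),
                           (ROLE2, [ENFORCE])]:
        print(role["Name"], audit(role, required, PROBES))
```

Dumping `ROLE1` or `ROLE2` with `json.dumps` gives a file that can be passed to `az role definition create --role-definition @file.json` once the placeholder scope is replaced.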