Home › Azure AZ-900 › cloudcomputing › azurearchitecture › Which Azure access-control mechanism grants perm…
Which Azure access-control mechanism grants permissions by assigning users, groups, or service principals to ROLES on a scope (resource, resource group, subscription, or management group)?
AAzure Conditional Access policies (which only evaluate sign-in risk)
BAzure Storage shared access signatures (SAS tokens)
CAzure role-based access control (RBAC)
DAzure Network Security Groups (NSGs)
Answer & Solution
Correct answer: C. Azure role-based access control (RBAC)
Azure RBAC is the model for granting permissions: a role definition lists allowed actions, and a role assignment binds (principal, role, scope). NSGs are network firewalls. Conditional Access controls sign-in risk evaluation, not resource permissions. SAS tokens are URL-level access grants for storage objects.
Related questions
Which statement about Azure region pairs is correct?Which Azure identity service is the cloud-based directory used to sign in to Azure, MicrosWhich Azure Storage redundancy option provides the HIGHEST durability by replicating data A virtual network (VNet) in one Azure region needs to communicate privately with a VNet inWhich Azure networking service provides a dedicated, private connection between an on-premAn Azure Virtual Machine Scale Set is best used when you need to:Which statement about the Azure resource hierarchy is correct?Which statement about an Availability Zone (AZ) in Azure is correct?