Home › Azure AZ-900 › cloudcomputing › identitysecurity › Azure role-based access control (RBAC) grants pe…
Azure role-based access control (RBAC) grants permissions by combining three things. Which combination is correct?
AA security principal (user, group, or service principal) + a role definition (set of allowed actions) + a scope (management group, subscription, resource group, or resource)
BA storage SAS token + a private endpoint + a backup vault
CA network IP allowlist + a TLS certificate + a billing tag
DA Conditional Access policy + a sign-in risk score + a passwordless device
Answer & Solution
Correct answer: A. A security principal (user, group, or service principal) + a role definition (set of allowed actions) + a scope (management group, subscription, resource group, or resource)
An Azure RBAC role assignment = (principal, role definition, scope). The other options conflate networking, storage access, and sign-in security with resource permissions.
Related questions
An administrator wants to grant a contractor read-only access to ONE specific resource groWhich Microsoft Entra capability adds a second authentication factor like an AuthenticatorMicrosoft Defender for Cloud is best described as:The defense-in-depth model recommends:The Zero Trust security model is based on which guiding principle?Microsoft Entra Domain Services differs from Microsoft Entra ID in that Domain Services:Microsoft Entra B2B (external identities) is designed to let an organisation:Passwordless authentication on Microsoft Entra typically replaces the password with which