Answer the following questions to check your understanding of managing and right-sizing RBAC role assignments.
Contoso's security team needs to grant a junior administrator the ability to view Azure Virtual Machine configurations and status across a resource group, but not start, stop, or modify them. Which role assignment follows the principle of least privilege?
Assign the Virtual Machine Contributor role at the subscription scope.
Assign the Reader role at the resource group scope.
Assign the Contributor role at the resource group scope.
Assign the Owner role at the resource scope for each virtual machine.
A developer needs to perform a specific set of Azure Storage data plane operations. No existing built-in Azure role grants exactly the required permissions without also granting extra operations the developer shouldn't have. What should the security engineer create?
A Microsoft Entra custom role scoped to the storage account resource.
A custom Azure RBAC role that specifies only the required actions and data actions.
An application registration with a service principal and a broad set of Microsoft Graph permissions.
An Azure Policy definition that allows the specific storage operations.
A Microsoft Entra access review is configured for Azure subscription Owner role assignments. When the review period ends, some reviewers take no action. What autoapply setting enforces the least-privilege outcome for nonresponses?
Set nonresponse behavior to No change—preserve existing assignments until the next review.
Set nonresponse behavior to Remove access—revoke the role assignment when no decision is made.
Extend the review period to give reviewers more time before applying results.
Reassign nonresponded reviews to the subscription owner for a second review.