Azure RBAS and Entra ID Roles

Question 1

What capabilities has a ‘Owner’ role in Azure RBAC?

Answer 1

Grants full access to manage all resources within the scope and also assign roles to users to manage resources within the scope.

Question 2

Which role allows viewing all resources without making changes?

Answer 2

Reader

Question 3

What is the responsibility of the ‘Contributor’ role?

Answer 3

Full access to manage all resources except role assignments.

Question 4

What can the ‘User Access Administrator’ role manage?

Answer 4

Ability to assign roles and set RBAC permissions but can’t make changes to resources.

Question 5

Which role is specifically used to manage Azure reservations?

Answer 5

Reservations Administrator

Question 6

What permissions does the ‘Virtual Machine Contributor’ role provide?

Answer 6

Manage VMs, disks, software installation, password resets; excludes network and storage management.

Question 7

What does the ‘Compute Gallery Artifacts Publisher’ role do?

Answer 7

Publishes gallery artifacts.

Question 8

Which role allows managing classic networks but not accessing them?

Answer 8

Classic Network Contributor

Question 9

What actions are allowed by the ‘Storage Blob Data Contributor’ role?

Answer 9

Read, write, and delete blob containers and data.

Question 10

What is the responsibility of the ‘Backup Contributor’ role?

Answer 10

Manage backup services without creating vaults or assigning access.

Question 11

Which role can manage Traffic Manager profiles but not control access?

Answer 11

Traffic Manager Contributor

Question 12

What permissions does the ‘Elastic SAN Owner’ role have?

Answer 12

Full access to Azure Elastic SAN resources and security policies.

Question 13

What is the role of ‘Desktop Virtualization Workspace Contributor’?

Answer 13

Manage the Desktop Virtualization Workspace.

Question 14

What actions does ‘Azure Front Door Profile Reader’ role allow?

Answer 14

View profiles and endpoints without making changes.

Question 15

Which role can create, modify, and delete media accounts in Azure?

Answer 15

Media Services Account Administrator

Question 16

What permissions does the ‘DNS Zone Contributor’ role allow?

Answer 16

Manage DNS zones and records without controlling access.

Question 17

What is the responsibility of the ‘SignalR App Server’ role?

Answer 17

Allows app server access to SignalR Service with AAD auth options.

Question 18

Which role provides permissions to manage storage accounts?

Answer 18

Storage Account Contributor

Question 19

What does the ‘Classic Storage Account Key Operator Service’ role allow?

Answer 19

List and regenerate keys for Classic Storage Accounts.

Question 20

What is the responsibility of the ‘Azure Maps Data Contributor’ role?

Answer 20

Read, write, and delete access to map data in Azure Maps account.

Question 21

Which role can submit and manage own jobs in Data Lake Analytics?

Answer 21

Data Lake Analytics Developer

Question 22

What permissions does the ‘Network Contributor’ role allow?

Answer 22

Manage networks without access to them; excludes VM deployment.

Question 23

What is the responsibility of the ‘Role Based Access Control Administrator’ role?

Answer 23

Manage access to resources by assigning roles in Azure RBAC.

Question 24

Which role grants full access to manage reservations in a tenant?

Answer 24

Reservations Administrator

Question 25

What permissions does ‘Virtual Machine Data Access Administrator’ provide?

Answer 25

Manage role assignments for VM Admin and User Login roles.

Question 26

What is the primary role of ‘Azure Spring Cloud Config Server Contributor’?

Answer 26

Manage Azure Spring Cloud Config Server with full permissions.

Question 27

What is the function of ‘Virtual Machine Administrator Login’?

Answer 27

View VMs and login as administrator.

Question 28

What is the responsibility of the ‘Storage File Data SMB Share Contributor’?

Answer 28

Read, write, and delete access to files in Azure file shares.

Question 29

Which role allows for read-only access to backup services?

Answer 29

Backup Reader

Question 30

What is the function of ‘Desktop Virtualization Power On Off Contributor’?

Answer 30

Start and stop VMs in Azure Virtual Desktop.

Question 31

What permissions does the ‘Private DNS Zone Contributor’ role provide?

Answer 31

Manage private DNS zones without linked virtual network control.

Question 32

Which role can manage CDN profiles and endpoints?

Answer 32

CDN Profile Contributor

Question 33

What is the function of ‘Elastic SAN Network Admin’?

Answer 33

Access to create private endpoints and read SAN resources.

Question 34

What does the ‘Azure Maps Data Reader’ role allow?

Answer 34

Read access to Azure Maps data.

Question 35

Which role allows viewing SignalR service access keys?

Answer 35

SignalR AccessKey Reader

Question 36

What is the ‘Desktop Virtualization Application Group Contributor’ role responsible for?

Answer 36

Manage the Desktop Virtualization Application Group.

Question 37

What actions are allowed by ‘Storage Queue Data Contributor’?

Answer 37

Read, write, and delete Azure Storage queues and messages.

Question 38

What permissions does ‘Classic Storage Account Contributor’ provide?

Answer 38

Manage classic storage accounts without access to data.

Question 39

What is the function of ‘Azure Front Door Domain Contributor’?

Answer 39

Manage Front Door domains without granting access.

Question 40

Which role grants read access to Azure Front Door secrets?

Answer 40

Azure Front Door Secret Reader

Question 41

What does the ‘Compute Gallery Sharing Admin’ role allow?

Answer 41

Share gallery to other subscriptions or tenants.

Question 42

What is the ‘Elastic SAN Volume Group Owner’ role?

Answer 42

Full access to volume group in Elastic SAN including security policies.

Question 43

What permissions does the ‘Storage Blob Data Owner’ role provide?

Answer 43

Full access to blob containers and data, including POSIX control.

Question 44

What is the responsibility of the ‘Media Services Streaming Endpoints Administrator’ role?

Answer 44

Manage streaming endpoints in Media Services.

Question 45

What does the ‘Traffic Manager Contributor’ role allow?

Answer 45

Manage Traffic Manager profiles without access control.

Question 46

What actions does ‘Virtual Machine Local User Login’ role permit?

Answer 46

Login to VMs as a local user.

Question 47

Which role provides manage access to media streaming policies?

Answer 47

Media Services Policy Administrator

Question 48

What is the function of ‘Azure Spring Cloud Service Registry Reader’?

Answer 48

Read access to Azure Spring Cloud Service Registry.

Question 49

What permissions does ‘Azure Spring Cloud Job Log Reader’ allow?

Answer 49

Read real-time logs for jobs in Azure Spring Apps.