Roles and RBAC Flashcards
The Azure portal cannot be used to create a custom RBAC role; you must use one of the command-line or scripting interfaces, such as:
-Azure CLI
-Azure PowerShell
-Azure Cloud Shell
-REST API
Roles
Azure AD roles grant different permissions for administering Azure identities
Azure resource roles grant different permissions, mainly for managing the configuration of Azure resources (Owner, Contributor, Reader, etc.)
Key RBAC Roles
Reader: can read or view only
Contributor: can manage resources but cannot assign roles to other users
Owner: can manage resources and can grant additional roles to other users
User Access Administrator: allowed to manage user access to Azure resources, but that's it!
You are creating a custom RBAC role and want to restrict the new role to only a few allowable actions. What section of the role definition JSON file do you configure?
Actions!
Only User Access Administrator and Owner have:
RBAC permissions to create or delete resource locks
You need to ensure User1 can grant admin consent for published apps. Which two possible roles can you assign?
Cloud Application Administrator
or
Application Administrator
Who can transfer the ownership of a subscription?
Billing Administrator
Use the Azure Account Center tool to do it
Application Developer role can
register apps!
Virtual Machine Contributor
Lets you manage virtual machines, but not access them, and not the virtual network or storage account they are connected to