Skill 1.2 Manage Role-Based Access Control(RBAC)

Question 1

What does RBAC do

Answer 1

Allows you to manage the entities, called “Security Principals” that have access to Azure resources and the actions that those entities can perform

Question 2

Who can RBAC access be granted to

Answer 2

Users, Groups, Service Principals, and managed identities through role assignments

Question 3

What is Azure RBAC applicable to

Answer 3

management of resources created in Azure Resource Manager (ARM) deployment model

Question 4

What is a role

Answer 4

definition of what actions are allows and/or denied. RBAC is configured by selecting a role and associated the role with a security princpal

Question 5

What access takes precedence when you have overlapping assignments

Answer 5

Most privileged access

Question 6

What does role permission contain

Answer 6

the list of permissions or declared permissions and those permissions define what actions can or cannot be performed against a type of resource, such as read, write, or delete

Question 7

What are Azure AD administrative roles used for

Answer 7

to allow or restrict admins to perform identity tasks, such as creating new users, resetting passwords, and so on

Question 8

When do security principals have access to Azure resources

Answer 8

when the roel assignment is made

Question 9

Who can create or remove roles

Answer 9

people with the owner or user access administrator built-in roles

Question 10

What can be used to make deny assignments at a child scope

Answer 10

Azure Blueprints and resource locks

Question 11

How many custom roles can you have per directory

Answer 11

5000 Custom roles

Question 12

How many role assignments can you have per subscription

Answer 12

2000

Question 13

What can custom roles be created from

Answer 13

exisiting built-in roles
starting from scratch
JSON file to define custom permissions

Question 14

What permissions are needed to create a custom role

Answer 14

Write permissions on all the items in a scope to create a custom role

Question 15

how are deny assignments set and controlled

Answer 15

by applying a resource lock for resources created through Azure Blueprints

Question 16

Can built-in roles be modified

Answer 16

no

Question 17

What is a custom role definition

Answer 17

collection of permissions that you add from a preset list. These permissions are hte same permissiosn used in the built-in roles

Question 18

What is a security principle

Answer 18

An identity, that gets permissions. It can be s user, group, or service principal

Question 19

Where can role assignments be created and listed

Answer 19

Portal
Azure AD Powershell
Microsoft Graph API

Question 20

What do Custom Roles provide

Answer 20

a set of permissions that are not available whn using built-in roles

Question 21

What is a way to modify small tweaks to permissions

Answer 21

cloning and modifying built-in roles