Microsoft Azure Architect Design (AZ-304) Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Microsoft Azure Architect Design (AZ-304) Exam with our comprehensive resources. Engage with interactive questions, real exam scenarios, and detailed explanations tailored to enhance your understanding. Ace your exam and elevate your cloud architecture skills!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

What should be used to prevent an Azure AD group from changing role assignments while allowing resource creation?

  1. Create a new Azure subscription for the group

  2. Assign a custom role with specific permissions

  3. Use Azure Policy to enforce restrictions

  4. Utilize the existing Project1 subscription roles

The correct answer is: Assign a custom role with specific permissions

Assigning a custom role with specific permissions is the most effective way to prevent an Azure AD group from changing role assignments while still allowing them to create resources. By creating a custom role, you can tailor the permissions to include resource creation capabilities while explicitly excluding permissions related to role modification or assignment. This flexibility allows for fine-grained control over what actions the group can perform within Azure. In contrast, simply creating a new Azure subscription does not inherently manage role assignments; it might isolate the group’s resources but does not provide the necessary permissions without broader implications. Utilizing Azure Policy could help enforce compliance and restrictions, but it does not offer the specificity required to selectively restrict role modification while allowing resource creation. Lastly, relying on existing subscription roles might not provide the necessary control or could lead to unintended permissions being granted, which would not meet the stated requirement effectively.

More Questions Like This