manage-subscription-access-azure-rbac
subscriptions
Azure __________________________________ help you organize access to Azure resources and determine how resource usage is reported, billed, and paid for
RBAC (role-based access control)
Azure _____________________________________ is the system that allows control over who has access to which Azure resources and what those people can do with those resources
role & scope
By combining Azure ____________________________________, you can set finely tailored permissions for your Azure resources
role
A _______________________________ might be described as a collection of permissions
management groups
Azure _____________________________________ help you manage your Azure subscriptions by grouping them together
scope
The ________________________________ establishes which resources should have a specific type of access applied to them.
Owner or User Access Administrator
Users with the subscription _____________________________________ role have the permissions needed to assign a user administrative access to a subscription
elevate to User Access Administrator
What action can be done to the Global Administrator for Azure AD that grants the Azure RBAC permissions that are needed to manage Azure resources
Management group, subscriptions, resource groups, resources
What are the four levels of scope that you can apply Azure roles?
Contributor
What is the Azure RBAC built-in role that can create and manage Azure resources?
User Access Administrator
What is the Azure RBAC built-in role that can manage access to Azure resources?
Reader
What is the Azure RBAC built-in role that can view only existing Azure resources?
Owner
What is the Azure RBAC built-in role that has full access to all resources, including the ability to delegate access to other users?
the directory
What is the only scope that Azure AD has?
A. Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains.
What's the main difference between Azure roles and Azure AD roles? A. Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains. B. You can assign Azure roles at the root level. C. Azure AD roles are used to manage access to Azure resources. Azure roles are used to view and manage Azure resources.
Billing Administrator
Which Azure AD role can make purchases, manage subscriptions and support tickets, and monitor service health?
Global Administrator
Which Azure AD role can manage access to administrative features in Azure AD, giving the ability to grant admin roles to other users, and to reset a password for any user or admin
User Administrator
Which Azure AD role can manage all aspects of users and groups, including support tickets, monitor service health, and resetting passwords for certain types of users
C. Assign the Owner role at the subscription scope
You need to grant administrator access for an Azure subscription to someone else in your organization. That person needs to be able to manage Azure resources that were created under that subscription. The person also needs access to the billing information for that subscription. What role should you grant them? A. Assign the User Access Administrator role at the subscription scope. B. Assign the Billing Administrator role at the management group scope. C. Assign the Owner role at the subscription scope.
Resource groups
____________________________________ are containers that hold related resources for an Azure solution.
Azure AD roles
_____________________________________ are used to manage access to Azure AD resources, such as user accounts and passwords
Azure roles
_____________________________________ are used to manage access to virtual machines, storage, and other Azure resources