manage-subscription-access-azure-rbac

subscriptions

Azure __________________________________ help you organize access to Azure resources and determine how resource usage is reported, billed, and paid for

RBAC (role-based access control)

Azure _____________________________________ is the system that allows control over who has access to which Azure resources and what those people can do with those resources

role & scope

By combining Azure ____________________________________, you can set finely tailored permissions for your Azure resources

role

A _______________________________ might be described as a collection of permissions

management groups

Azure _____________________________________ help you manage your Azure subscriptions by grouping them together

scope

The ________________________________ establishes which resources should have a specific type of access applied to them.

Owner or User Access Administrator

Users with the subscription _____________________________________ role have the permissions needed to assign a user administrative access to a subscription

elevate to User Access Administrator

What action can be done to the Global Administrator for Azure AD that grants the Azure RBAC permissions that are needed to manage Azure resources

Management group, subscriptions, resource groups, resources

What are the four levels of scope that you can apply Azure roles?

Contributor

What is the Azure RBAC built-in role that can create and manage Azure resources?

User Access Administrator

What is the Azure RBAC built-in role that can manage access to Azure resources?

Reader

What is the Azure RBAC built-in role that can view only existing Azure resources?

Owner

What is the Azure RBAC built-in role that has full access to all resources, including the ability to delegate access to other users?

the directory

What is the only scope that Azure AD has?

A. Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains.

What's the main difference between Azure roles and Azure AD roles? A. Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains. B. You can assign Azure roles at the root level. C. Azure AD roles are used to manage access to Azure resources. Azure roles are used to view and manage Azure resources.

Billing Administrator

Which Azure AD role can make purchases, manage subscriptions and support tickets, and monitor service health?

Global Administrator

Which Azure AD role can manage access to administrative features in Azure AD, giving the ability to grant admin roles to other users, and to reset a password for any user or admin

User Administrator

Which Azure AD role can manage all aspects of users and groups, including support tickets, monitor service health, and resetting passwords for certain types of users

C. Assign the Owner role at the subscription scope

You need to grant administrator access for an Azure subscription to someone else in your organization. That person needs to be able to manage Azure resources that were created under that subscription. The person also needs access to the billing information for that subscription. What role should you grant them? A. Assign the User Access Administrator role at the subscription scope. B. Assign the Billing Administrator role at the management group scope. C. Assign the Owner role at the subscription scope.

Resource groups

____________________________________ are containers that hold related resources for an Azure solution.

Azure AD roles

_____________________________________ are used to manage access to Azure AD resources, such as user accounts and passwords

Azure roles

_____________________________________ are used to manage access to virtual machines, storage, and other Azure resources