Home » Microsoft » AZ-500 v.2 » How should you complete the role definition of Role1?
HOTSPOT
You need to create Role1 to meet the platform protection requirements.
How should you complete the role definition of Role1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation/Reference:
Explanation:
Scenario: A new custom RBAC role named Role1 must be used to delegate the administration of the managed disks in Resource Group1. Role1 must be available only for Resource Group1.
Azure RBAC template managed disks "Microsoft.Storage/"
References:
https://blogs.msdn.microsoft.com/azureedu/2017/02/11/new-managed-disk-storage-option-for-your-azure-vms/
https://blogs.msdn.microsoft.com/azure4fun/2016/10/21/custom-azure-rbac-roles-and-how-to-extend-existing-role-definitions-scope/
Platform Protection Requirements
Litware identifies the following platform protection requirements:
Microsoft Antimalware must be installed on the virtual machines in RG1.
The members of Group2 must be assigned the Azure Kubernetes Service Cluster Admin Role.
Azure AD users must be able to authenticate to AKS1 by using their Azure AD credentials.
Following the implementation of the planned changes, the IT team must be able to connect to VM0 by using JIT VM access.
A new custom RBAC role named Role1 must be used to delegate the administration of the managed disks in RG1. Role1 must be available only for RG1.
the linked reference (1) even states that (only) if you select NOT to use a managed disk, the process will create a storage account. So if you select managed disk you don’t need a storage account, therefore the given answer doesn’t make sense.
should be: Microsoft.Compute/disks
see: https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/disks
obviously second answer should be detailed selection of RG1
Microsot compute > Disl > Resource Group1
If the scope is only RG1 should the answer for the last box not be the second option?