Question 13

Question

HOTSPOT You have a management group named MG1 that contains an Azure subscription and a resource group named RG1. RG1 contains a virtual machine named VM1. You have the custom Azure roles shown in the following table. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/AZ-500/page_303_img_4.jpg The permissions for Role1 are shown in the following role definition file. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/AZ-500/page_304_img_1.jpg You assign the roles to the users shown in the following table. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/AZ-500/page_304_img_2.jpg For each of the following statements, select Yes if the statement is true. Otherwise, select No https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/AZ-500/page_304_img_3.jpg

Luke · Answer

NO, NO, YES. Saw similar question on exam reports, notActions always overrides.

CarefulMentor7676 · Answer

This matches what I’ve seen on practice tests: NO, NO, YES. The notActions in Role1 block the delete even if another role allows it. Pretty sure that’s how Azure RBAC works, but let me know if anyone found otherwise.

Logan Q. · Answer

Not quite, it's NO, NO, YES. The notActions in Role1 will override even if Role2 allows delete. Lot of folks miss that deny always wins over an allow in Azure RBAC. Correct me if you see it differently.

Owen V. · Answer

Nah, the second statement can trip people up. It's NO, NO, YES since notActions is a hard deny in Azure RBAC, and it takes priority over anything Role2 allows. Seen this come up before, always gets folks.

Anita F. · Answer

Nah, I don’t think YES works in the middle-Role1’s deny wins. NO, NO, YES.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE