AZ-104: How to apply least-privilege best practices to a resource group in Azure

Learn how to apply least-privilege best practices to a resource group in Azure and why the resource group scope is the best option.

Question

Suppose a developer needs full access to a resource group. If you are following least-privilege best practices, what scope should you specify?

A. Resource
B. Resource group
C. Subscription

Answer

B. Resource group

Explanation

Following least-privilege best practices, you grant only the access the user needs to do their job. In this case, you should set the scope to the resource group.

  • Scope is the level at which access applies in Azure. It can be a management group, subscription, resource group, or resource. Lower levels inherit permissions from higher levels.
  • Least-privilege best practices recommend granting only the minimum access required to perform a task. This reduces the attack surface and the impact of a security breach.
  • A developer who needs full access to a resource group should be assigned a role at the resource group scope, not at a higher or lower scope. This way, the developer can manage all the resources in the resource group, but cannot access resources outside it or grant access to others.

A is incorrect because the resource scope is lower than the developer needs: a role assigned on a single resource does not cover the rest of the resource group, so the developer would not have the access the job requires.
C is incorrect because the subscription scope is higher than the developer needs: every resource group in the subscription inherits the assignment, which grants more than least-privilege best practices allow. In both cases, the correct scope is the resource group.
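The scope comparison described in the explanation can be checked mechanically. The following is an added example, not part of the original page: it classifies Azure scope strings by level and reports whether each role assignment is broader or narrower than the resource group the developer needs. The subscription ID, resource group names, storage account name and management group name are constructed placeholders, and the role names are assumed for illustration.

```python
import re

# Scope patterns, broadest first (the four levels named in the explanation).
_PATTERNS = [
    ("management group", re.compile(r"^/providers/Microsoft\.Management/managementGroups/[^/]+$", re.I)),
    ("subscription", re.compile(r"^/subscriptions/[^/]+$", re.I)),
    ("resource group", re.compile(r"^/subscriptions/[^/]+/resourceGroups/[^/]+$", re.I)),
    ("resource", re.compile(r"^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/.+$", re.I)),
]

def scope_level(scope):
    """Return the level name for an Azure scope string."""
    s = scope.rstrip("/")
    for level, pattern in _PATTERNS:
        if pattern.match(s):
            return level
    raise ValueError(f"unrecognised scope: {scope!r}")

def compare_to_need(assigned, needed):
    """Classify an assignment's scope relative to the scope the user needs."""
    level = scope_level(assigned)
    scope_level(needed)  # validate the target as well
    a, n = assigned.rstrip("/").lower(), needed.rstrip("/").lower()  # IDs are case-insensitive
    if a == n:
        return "exact"
    if n.startswith(a + "/"):
        return "too broad"    # the needed scope inherits from the assigned one
    if a.startswith(n + "/"):
        return "too narrow"   # covers only part of what is needed
    if level == "management group":
        return "needs hierarchy lookup"  # membership is not visible in the string
    return "unrelated"

def audit(assignments, needed):
    return [(role, scope_level(s), compare_to_need(s, needed)) for role, s in assignments]

# Constructed sample data (placeholder IDs and names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
NEEDED = SUB + "/resourceGroups/rg-dev"
ASSIGNMENTS = [
    ("Contributor", SUB),
    ("Contributor", NEEDED),
    ("Contributor", NEEDED + "/providers/Microsoft.Storage/storageAccounts/devstore01"),
    ("Contributor", SUB + "/resourceGroups/rg-prod"),
    ("Reader", "/providers/Microsoft.Management/managementGroups/mg-corp"),
]

if __name__ == "__main__":
    for role, level, verdict in audit(ASSIGNMENTS, NEEDED):
        print(f"{role:12} {level:17} {verdict}")
```
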