Microsoft Azure Architect Design (AZ-304) Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Microsoft Azure Architect Design (AZ-304) Exam with comprehensive quiz questions designed to enhance your understanding and confidence. Master essential Azure concepts and strategies to excel on your test day!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What should be used to prevent an Azure AD group from changing role assignments while allowing resource creation?

Create a new Azure subscription for the group
Assign a custom role with specific permissions
Use Azure Policy to enforce restrictions
Utilize the existing Project1 subscription roles

The correct answer is: Assign a custom role with specific permissions

Assigning a custom role with specific permissions is the most effective way to prevent an Azure AD group from changing role assignments while still allowing them to create resources. By creating a custom role, you can tailor the permissions to include resource creation capabilities while explicitly excluding permissions related to role modification or assignment. This flexibility allows for fine-grained control over what actions the group can perform within Azure. In contrast, simply creating a new Azure subscription does not inherently manage role assignments; it might isolate the group’s resources but does not provide the necessary permissions without broader implications. Utilizing Azure Policy could help enforce compliance and restrictions, but it does not offer the specificity required to selectively restrict role modification while allowing resource creation. Lastly, relying on existing subscription roles might not provide the necessary control or could lead to unintended permissions being granted, which would not meet the stated requirement effectively.