0
0
Azurecloud~20 mins

Custom role definitions in Azure - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Azure Custom Role Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Understanding the purpose of custom role definitions

What is the main reason to create a custom role definition in Azure?

ATo automatically assign roles to all users in a subscription
BTo grant permissions that are not available in built-in roles
CTo restrict access to Azure portal settings only
DTo create a backup of existing built-in roles
Attempts:
2 left
💡 Hint

Think about why built-in roles might not always fit every need.

Configuration
intermediate
2:00remaining
Identifying valid JSON structure for a custom role

Which JSON snippet correctly defines a custom role with permission to read storage accounts?

A{ "Name": "Storage Reader", "IsCustom": true, "Permissions": [{ "Actions": ["Microsoft.Storage/storageAccounts/read"] }], "AssignableScopes": ["/subscriptions/12345678-1234-1234-1234-123456789abc"] }
B{ "Name": "Storage Reader", "IsCustom": true, "Actions": ["Microsoft.Storage/storageAccounts/read"], "NotActions": [], "AssignableScopes": ["/subscriptions/12345678-1234-1234-1234-123456789abc"] }
C} ]"cba987654321-4321-4321-4321-87654321/snoitpircsbus/"[ :"sepocSelbangissA" ,]} ]"daer/stnuoccAegarots/egarotS.tfosorciM"[ :"snoitcA" {[ :"snoissimreP" ,eurt :"motsuCsI" ,"redaeR egarotS" :"emaN" {
D{ "Name": "Storage Reader", "IsCustom": true, "Actions": ["Microsoft.Storage/storageAccounts/read"], "AssignableScopes": ["/subscriptions/12345678-1234-1234-1234-123456789abc"] }
Attempts:
2 left
💡 Hint

Check the exact property names and structure required by Azure for custom roles.

Architecture
advanced
2:00remaining
Scope assignment impact on custom roles

You assign a custom role at the resource group level. What is the effect on access permissions?

AThe role permissions apply only to the resource group and its parent subscription
BThe role permissions apply to all subscriptions under the tenant
CThe role permissions apply to all resource groups in the subscription
DThe role permissions apply only to resources within that resource group
Attempts:
2 left
💡 Hint

Consider how Azure RBAC scopes permissions hierarchically.

security
advanced
2:00remaining
Least privilege principle with custom roles

Which practice best follows the least privilege principle when creating custom roles?

AGrant all read permissions to simplify access
BGrant contributor role permissions to avoid missing access
CGrant only the specific actions needed for the user's tasks
DGrant permissions at the subscription level by default
Attempts:
2 left
💡 Hint

Least privilege means giving only what is necessary, nothing more.

service_behavior
expert
2:00remaining
Effect of missing 'AssignableScopes' in custom role definition

What happens if you create a custom role definition in Azure without specifying the 'AssignableScopes' property?

AThe role cannot be assigned to any scope and will cause an error
BThe role is automatically assignable to all subscriptions in the tenant
CThe role is assignable only to the subscription where it was created
DThe role is assignable only to resource groups within the subscription
Attempts:
2 left
💡 Hint

Think about the role assignment process and required properties.