Find answers, ask questions, and connect with our
community around the world.

Home Forums Azure AZ-305 Designing Microsoft Azure Infrastructure Solutions AZ-305 Practice Exams Set 1 – Incorrect answer?

  • AZ-305 Practice Exams Set 1 – Incorrect answer?

     JR-TutorialsDojo updated 3 weeks, 3 days ago 2 Members · 2 Posts
    AZ-305 Designing Microsoft Azure Infrastructure Solutions

  • hassanrs

    Member
    May 21, 2025 at 1:00 am

    Category: AZ305 – Design Identity, Governance and Monitoring Solutions

    You are managing an Azure account that contains the following resources.

    The Microsoft Entra groups are shown in the table below.

    <i style=”font-family: inherit; font-size: inherit;”>The Microsoft Entra users are assigned to the following groups.

    <i style=”font-family: inherit; font-size: inherit;”>You have been assigned to implement the following requirements:

    Grant the VM Contributor role to Group3 for MG3.

    Grant the Contributor role to Group1 for Tenant Root Group.

    Grant the Contributor role to User1 for Subs3.

    For each of the following items, choose Yes if the statement is true or choose No if the statement is false. Take note that each correct item is worth one point.

    Questions:

    User2 is able to assign roles to Group2.

    User1 is able to deploy a storage account in RG2.

    User3 is able to provision a new VM in RG3.

    ——————————————————————

    The statement: “User1 is able to deploy a storage account in RG2” is incorrectly marked as “Yes” by the platform, whereas the correct answer is “No”.

    The platform answer seems to fall into the classic trap whereby Azure RBAC doesn’t support group nesting. When you assign a role to a group, only the direct members of that group are granted the role. Members of nested groups do not inherit roles.

    In this scenario, the Contributor role is assigned to Group1 at the Tenant Root Group. User1 is not a direct member of Group1. User1 is a member of Group3 and Group3 is a member of Group1 (nested group relationship).

    RBAC role assignments only apply to direct group members, not nested groups. So this does NOT let User1 inherit the Contributor role for MG2 (and hence not for Subs2 or RG2), required to to deploy a storage account in RG2.

    <ul data-question_id=”12682″ data-type=”laq_hotspot_question”>

  • JR-TutorialsDojo

    Administrator
    May 22, 2025 at 10:33 am

    Hello hassanrs,

    Thank you for bringing this to our attention.

    You are correct that nested groups do not inherit access to the shared resources and applications assigned to their parent group. We sincerely apologize for any confusion this may have caused.

    We are actively working on the necessary updates, and you should see the changes reflected on the portal soon.

    Thank you again for bringing this to our attention. If you have any additional insights or need further clarification, feel free to reach out.

    Regards,
    JR @ Tutorials Dojo

Viewing 1 - 2 of 2 replies

Log in to reply.

Original Post
0 of 0 posts June 2018
Now
Skip to content