Microsoft Cybersecurity Architect Expert SC-100
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
Given the security requirements for the InfraSec group, you need to propose an appropriate solution. Specifically, those requirements mandate that only members of the group named InfraSec should have the authority to configure network security groups (NSGs) as well as instances of Azure Firewall, Web Application Firewall (WAF), and Azure Front Door within the subscription labeled Sub1. What method or tool should be employed to delegate this access control?
Explanation:
The correct answer is B. a custom role-based access control (RBAC) role. The security requirements specify that only the InfraSec group should be allowed to configure NSGs, Azure Firewall, WAF, and Front Door. Creating a custom RBAC role allows for granular control and can be tailored specifically to meet these requirements. Built-in roles may not offer the exact permissions needed, thus a custom RBAC role is the best fit. Assigning this custom role ensures adherence to the principle of least privilege, granting only the necessary permissions to the InfraSec group.