Exam AZ-400 All QuestionsBrowse all questions from this exam
Go to Exam
Question 126

DRAG DROP -

You have a tenant in Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. The tenant contains three groups named Group1, Group2, and Group3.

You create a new project in Azure DevOps named Project1.

You need to secure the service connections for Project1. The solution must meet the following requirements:

• The members of Group1 must be able to share and unshare a service connection with other projects.

• The members of Group2 must be able to rename a service connection and update the description.

• The members of Group3 must be able to use the service connection within build or release pipelines.

• The principle of least privilege must be followed.

Which permission should you grant to each group? To answer, drag the appropriate permissions to the correct groups. Each permission may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
BakaPon

Group1: Org-level Admin Group2: Project-level Admin Group3: User The organization-level Administrator can do the following administrative tasks: - Manage organization-level users - Edit all the fields of a service connection - Share and unshare a service connection with other projects https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#organization-level-permissions The project-level Administrator can do the following tasks: - Manage other users and roles at the project-level - Rename a service connection and update the description - Delete a service connection, which removes it from the project https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#project-level-permissions A User can: - Use the service connection when authoring build or release pipelines or authorize yaml pipelines https://learn.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints?view=azure-devops&tabs=yaml#user-permissions

Gabsyfire

correct

Alandt

Apologies for the confusion. You're correct. Here's the corrected assignment: Group1: Organization-level Administrator - The Organization-level Administrator role allows members to share and unshare a service connection with other projects. Group2: Creator - The Creator role allows members to rename a service connection and update the description. Group3: User - The User role allows members to use the service connection within build or release pipelines. This setup follows the principle of least privilege, as each group is only granted the permissions necessary for their specific tasks.

Papee

Contributor Creator User With the "Contributor" permission you can share and unshare service connections with other projects. Keep in mind the principle of least privilege. https://learn.microsoft.com/en-us/azure/devops/organizations/security/permissions?view=azure-devops&tabs=preview-page#groups

sondrex

project-level Administrator Contributor User

Misterit

1.Contributor The Contributor role allows members to manage resources, including sharing and unsharing service connections across projects. This role has sufficient privileges for managing service connections but not for more administrative tasks. 2. Project-level Administrator Project-level Administrators can manage various project settings, including renaming and updating descriptions of service connections. This role provides the necessary administrative capabilities specific to the project without granting broader administrative privileges. 3. User Users can utilize the service connections within build or release pipelines. This role ensures they can access the resources needed for their tasks without having permissions to alter the configurations of the service connections.