Examice

Exam PCCSE All QuestionsBrowse all questions from this exam

Question 140

Which IAM Azure RQL query would correctly generate an output to view users who have sufficient permissions to create security groups within Azure AD and create applications?

config where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true

config from cloud.resource where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions exists

config from network where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is false and defaultUserRolePermissions.allowedToCreateApps is true

config from cloud.resource where api.name = ‘azure-active-directory-authorization-policy’ AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true

Correct Answer: D

To identify users who have permissions to create security groups and applications in Azure AD, the query needs to check for both `allowedToCreateSecurityGroups` and `allowedToCreateApps` properties being true. The correct query should filter from `cloud.resource` with the appropriate conditions. Hence, the correct option is to use `config from cloud.resource where api.name = 'azure-active-directory-authorization-policy' AND json.rule = defaultUserRolePermissions.allowedToCreateSecurityGroups is true and defaultUserRolePermissions.allowedToCreateApps is true`.

Discussion

kalapkaOption: D

Correct!

assadhashmiOption: D

The answer is D its condition states true for both.

SpippoloOption: D

D --> I trust you, for exclusion.