Free Microsoft Identity SC-300 Actual Exam Questions - Question 5 Discussion
You have an Azure subscription that contains the resources shown in the following table. 
For which resources can you create an access review?
C. Access reviews work on groups and role assignments, so it makes sense to include Group1, Role1, and Contributor since these likely represent groups and assigned roles, not just standalone roles or resources.
C, since access reviews cover groups and role assignments, not just groups alone.
Not B, because resource access reviews can’t be created on just any resource like Hotel; they need to be focused on groups or role assignments, which makes C or D more likely.
D. Only groups like Group1 can have direct access reviews created, since access reviews for role assignments usually require a group or user context, which isn’t clearly specified here for Contributor or Role1.
I think D makes the most sense. Only groups like Group1 can have access reviews directly created for them. While roles like Contributor and Role1 involve permissions, access reviews are primarily designed for groups to review membership. Roles aren’t independently reviewed in the same way, which rules out C. So, going with D feels safer since it sticks to the core supported type for these reviews.
I agree with C because access reviews cover groups and role assignments, including roles like Contributor and Role1. Apps aren’t eligible, which rules out A and B, and D leaves out the roles that should be included.
It’s C because access reviews focus on groups and role assignments, so Group1, Role1, and Contributor are in scope. Apps and other resource types aren’t supported, so that rules out A and B.
Guessing C since apps are excluded and roles with groups make sense here.
It’s C because access reviews work on groups and role assignments, like Role1 and Contributor, but not on apps or other resource types. D misses out the roles, which are definitely reviewable.
C/D? I know access reviews target groups for sure, but roles like Contributor can also have them. Apps definitely don’t fit, so A and B are out. Not sure if roles alone qualify without groups though.
Access reviews are mainly for Azure AD groups and role assignments, so that rules out apps like App1. Group1 definitely fits, and since roles like Role1 and permissions like Contributor can have access reviews on their assignments, C looks right to me.
I thought it was D at first, but then I checked and access reviews can also be done on role assignments, not just groups. So C makes more sense because it includes Group1, Role1, and Contributor, which are the typical candidates for access reviews. Apps usually don’t get access reviews directly, so that rules out A. B doesn’t fit either since the Hotel (probably an app) isn’t covered by access review.
It’s D, since access reviews are mainly for groups, not apps or roles directly.