Security And Governance Boundary — Azure AI Engineer (AI-300)
Identity, Detection, and Posture Are Three Different Problems
Exam questions in this family typically describe a threat or compliance scenario and list four services, each of which addresses a different layer of it. Microsoft Entra ID governs identity: authentication and authorization of users, groups, and service principals. Azure RBAC enforces what an authenticated identity can do with Azure resources. Microsoft Defender for Cloud assesses security posture (recommendations, Secure Score) and provides workload threat protection. Microsoft Sentinel is the SIEM: it collects signals, detects, investigates, and responds. Conflating detection with posture management, or identity with access control, is the consistent failure mode here.
What This Pattern Tests
Azure security questions test four distinct control planes. RBAC controls who can manage resources (Contributor, Reader, custom roles), scoped to a management group, subscription, resource group, or individual resource. Azure Policy controls which resource configurations are allowed (enforce tags, restrict VM sizes, require encryption). NSGs control network traffic at the subnet or NIC level. Conditional Access controls authentication requirements (MFA, compliant device, location). The exam tests whether you apply the right control at the right layer: Azure Policy, not RBAC, is what enforces encryption at rest.
Decision Axis
Security layer (identity vs. configuration vs. network vs. authentication) determines which Azure control applies.
Associated Traps
Decision Rules
Whether to scope RBAC role assignments at the shared workspace level (near-right: role is ML-specific but grants cross-project access) or at the project-specific resource group and associated storage account level (correct: satisfies per-project least-privilege isolation).
Determine whether the IaC deployment configuration correctly layers both the network isolation boundary (private endpoint with publicNetworkAccess disabled) and the identity boundary (managed identity RBAC scoped to workspace resource group), versus a near-right option that satisfies only one of the two required boundaries.
Whether to assign a narrow data-plane storage role scoped to the workspace's storage account, or to grant the needed access by elevating scope to the resource group or subscription with a broader management role.
Which combination of configurations—network isolation control and GitHub Actions authentication mechanism—satisfies both constraints at the minimum necessary scope, without extending RBAC beyond the workspace resource group or adding managed VNet infrastructure not required by the stated threat model?
Assign the AzureML Data Scientist built-in role scoped to the workspace plus Storage Blob Data Reader scoped to the specific container, rather than assigning a single broad role (e.g., Contributor) at subscription or resource group scope.
Whether to scope the Contributor role assignment to the Foundry project resource group or to the broader subscription — only resource-group scope satisfies least-privilege, because subscription-scope Contributor grants write access to every resource in the subscription regardless of project membership.
Whether to enforce Foundry inference-endpoint network isolation using a scoped Private Endpoint paired with public-network-access disabled on the Foundry resource (least complexity, constraint satisfied) versus a hub-spoke topology with Azure Firewall and custom route tables that overreaches the single-project boundary requirement.
Should the RBAC role assignment be scoped to the Foundry project resource group with a read-only role, or to the subscription with a broader role — and which pairing is the only one that satisfies least-privilege without granting cross-project write access?
Whether to assign a Private Endpoint scoped to the Foundry project's resource group VNet (satisfying network-isolation at the narrowest viable scope) versus deploying a broader network security appliance or hub-spoke topology that exceeds the constraint and introduces unjustified operational complexity.
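The two boundaries the decision rules above keep returning to (RBAC scoped no wider than the project resource group, and a private endpoint paired with publicNetworkAccess disabled) can be checked mechanically. This is an added example, not Microsoft tooling; it takes a constructed, simplified view of role assignments and workspace properties rather than the exact ARM API response, and treats any scope outside the project resource group (subscription, or another resource group) as a finding.

```python
import re

# ARM scope: /subscriptions/<sub>[/resourceGroups/<rg>[/providers/<type>/<name>]]
SCOPE_RE = re.compile(r"^/subscriptions/(?P<sub>[^/]+)"
                      r"(?:/resourceGroups/(?P<rg>[^/]+))?(?:/providers/(?P<res>.+))?$")

def check_rbac(assignments, project_rg):
    """Flag assignments whose scope reaches outside the project resource group.
    Subscription scope covers every RG; another RG is cross-project access;
    the project RG itself, or a resource inside it, passes."""
    findings = []
    for a in assignments:
        m = SCOPE_RE.match(a["scope"])
        if not m:
            findings.append(f"{a['principal']}: unrecognized scope {a['scope']}")
        elif m.group("rg") is None:
            findings.append(f"{a['principal']}: {a['role']} at subscription scope")
        elif m.group("rg").lower() != project_rg.lower():
            findings.append(f"{a['principal']}: {a['role']} on foreign RG {m.group('rg')}")
    return findings

def check_network(workspace):
    """Both halves are required: a private endpoint alone leaves the public endpoint open."""
    findings = []
    if workspace.get("publicNetworkAccess") != "Disabled":
        findings.append("publicNetworkAccess is not Disabled")
    if not workspace.get("privateEndpointConnections"):
        findings.append("no private endpoint connection")
    return findings

def assess(deployment, project_rg):
    """All findings for a deployment; an empty list means both boundaries hold."""
    return (check_rbac(deployment["roleAssignments"], project_rg)
            + check_network(deployment["workspace"]))

# Constructed near-right sample: the private endpoint exists, but public access
# stayed on and the CI identity got Contributor at subscription scope.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
NEAR_RIGHT = {
    "workspace": {"publicNetworkAccess": "Enabled", "privateEndpointConnections": ["pe-ws"]},
    "roleAssignments": [
        {"principal": "ci-identity", "role": "Contributor", "scope": SUB},
        {"principal": "ds-team", "role": "AzureML Data Scientist",
         "scope": f"{SUB}/resourceGroups/rg-proj-a/providers/"
                  "Microsoft.MachineLearningServices/workspaces/ws-a"},
    ],
}

if __name__ == "__main__":
    print(assess(NEAR_RIGHT, "rg-proj-a") or "compliant")
```

Run against a real deployment, the input would come from `az role assignment list` and the workspace's properties; the checker only reports, it does not change anything.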