Microsoft 70-341 Exam Practice Questions (P. 5)
- Full Access (183 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #21
DRAG DROP -
You have an Exchange Server 2013 organization that contains several custom RBAC management roles.
You need to identify which RBAC scopes must be used to meet the following requirements:
✑ Manage only the mailboxes of the users in the sales department.
✑ Manage the properties of all the mailbox databases.
Which RBAC scopes should you identify? (To answer, drag the appropriate RBAC scopes to the correct requirements. Each RBAC scope may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Select and Place:
You have an Exchange Server 2013 organization that contains several custom RBAC management roles.
You need to identify which RBAC scopes must be used to meet the following requirements:
✑ Manage only the mailboxes of the users in the sales department.
✑ Manage the properties of all the mailbox databases.
Which RBAC scopes should you identify? (To answer, drag the appropriate RBAC scopes to the correct requirements. Each RBAC scope may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Select and Place:
Correct Answer:
Management role scopes enable you to define the specific scope of impact or influence of a management role when a management role assignment is created.
When you apply a scope, the role assignee assigned to the role can only modify the objects contained within that scope.
A role assignee can be a management role group, management role, management role assignment policy, user, or universal security group (USG)
Every management role, whether it's a built-in role or a custom role, has management scopes. Management scopes can be either of the following:
Implicit scopes are the default scopes that apply to a management role type. Because implicit scopes are associated with a management role type, all of the parent and child management roles with the same role type also have the same implicit scopes.
Implicit scopes apply to both built-in management roles and also to custom management roles.
Implicit scopes defined on management roles
Implicit scopes Description -
Organization If Organization is present in the role's recipient write scope, the role can create or modify recipient objects across the Exchange organization.
If Organization is present in the role's recipient read scope, roles can view any recipient object across the Exchange organization.
Explicit scopes are scopes that you set yourself to control which objects a management role can modify. Although implicit scopes are defined on a management role, explicit scopes are defined on a management role assignment.
This enables the implicit scopes to be applied consistently across all management roles unless you choose to use an overriding explicit scope. For more information about management role assignments, see Understanding Management Role Assignments.
Explicit scopes override the implicit write and configuration scopes of a management role. They don't override the implicit read scope of a management role. The implicit read scope continues to define what objects the management role can read.
Explicit scopes are useful when the implicit write scope of a management role doesn't meet the needs of your business. You can add an explicit scope to include nearly anything you want as long as the new scope doesn't exceed the bounds of the implicit read scope. The cmdlets that are part of a management role must be able to read information about the objects or containers that contain objects for the cmdlets to create or modify objects. For example, if the implicit read scope on a management role is set to Self, you can't add an explicit write scope of Organization because the explicit write scope exceeds the bounds of the implicit read scope.
The OrganizationConfig implicit scope
If OrganizationConfig is present in the role's configuration write scope, the role can create or modify any server or database configuration object across the
Exchange organization.
If OrganizationConfig is present in the role's configuration read scope, the role can view any server or database configuration object across the Exchange organization.
The Recipient filter explicit scope
Recipient filter scopes use filters to target specific recipients based on recipient type or other recipient properties such as department, manager, location, and more.
References:
Management role scopes enable you to define the specific scope of impact or influence of a management role when a management role assignment is created.
When you apply a scope, the role assignee assigned to the role can only modify the objects contained within that scope.
A role assignee can be a management role group, management role, management role assignment policy, user, or universal security group (USG)
Every management role, whether it's a built-in role or a custom role, has management scopes. Management scopes can be either of the following:
Implicit scopes are the default scopes that apply to a management role type. Because implicit scopes are associated with a management role type, all of the parent and child management roles with the same role type also have the same implicit scopes.
Implicit scopes apply to both built-in management roles and also to custom management roles.
Implicit scopes defined on management roles
Implicit scopes Description -
Organization If Organization is present in the role's recipient write scope, the role can create or modify recipient objects across the Exchange organization.
If Organization is present in the role's recipient read scope, roles can view any recipient object across the Exchange organization.
Explicit scopes are scopes that you set yourself to control which objects a management role can modify. Although implicit scopes are defined on a management role, explicit scopes are defined on a management role assignment.
This enables the implicit scopes to be applied consistently across all management roles unless you choose to use an overriding explicit scope. For more information about management role assignments, see Understanding Management Role Assignments.
Explicit scopes override the implicit write and configuration scopes of a management role. They don't override the implicit read scope of a management role. The implicit read scope continues to define what objects the management role can read.
Explicit scopes are useful when the implicit write scope of a management role doesn't meet the needs of your business. You can add an explicit scope to include nearly anything you want as long as the new scope doesn't exceed the bounds of the implicit read scope. The cmdlets that are part of a management role must be able to read information about the objects or containers that contain objects for the cmdlets to create or modify objects. For example, if the implicit read scope on a management role is set to Self, you can't add an explicit write scope of Organization because the explicit write scope exceeds the bounds of the implicit read scope.
The OrganizationConfig implicit scope
If OrganizationConfig is present in the role's configuration write scope, the role can create or modify any server or database configuration object across the
Exchange organization.
If OrganizationConfig is present in the role's configuration read scope, the role can view any server or database configuration object across the Exchange organization.
The Recipient filter explicit scope
Recipient filter scopes use filters to target specific recipients based on recipient type or other recipient properties such as department, manager, location, and more.
References:
All Pages