Exam AB-100 Topic 2 Question 53 Discussion

Explanation:
Restricts access to grounding data # Microsoft Purview access policies; Restricts model fine-tuning # Role- based access control (RBAC) in Microsoft Foundry Why Microsoft Purview access policies is correct The grounding data is stored in Microsoft Fabric , and the requirement is to restrict access to that data to only assigned roles.
That is a data governance and access control requirement. Microsoft Purview access policies are the best fit because they are designed to govern and control access to data across enterprise data estates. In this case, they help ensure that only authorized roles can access the grounding data used by the agents.
From an AI business solutions perspective, grounding data is often one of the most sensitive parts of the solution because it can contain:
* proprietary business knowledge
* internal documents
* regulated operational information
* contextual data used to shape model outputs
Purview helps enforce governed access to that data layer rather than relying only on general infrastructure controls.
Why RBAC in Microsoft Foundry is correct
The second requirement is to ensure that only the AI engineering team can perform model fine-tuning .
That is an action-level platform permission requirement. The best control for that is role-based access control (RBAC) in Microsoft Foundry .
RBAC allows the organization to assign permissions based on job function, so only authorized users or groups can:
* create or modify fine-tuning jobs
* manage model assets
* update training configurations
* control deployment-related AI resources
This is the right governance pattern because fine-tuning changes model behavior and can introduce:
* security risk
* compliance risk
* quality drift
* misuse of proprietary datasets
Restricting that capability to the AI engineering team through RBAC creates a clear separation of duties.
Why the other options are incorrect
Azure AI Content Safety
This is used to detect and filter harmful content. It does not control access to Fabric grounding data.
Azure Monitor alerts
Alerts help observe activity, but they do not enforce role-based access to data.
Azure Policy compliance rules
Azure Policy is useful for enforcing resource configuration standards, but it is not the best answer for role- based access to Fabric grounding data or for limiting fine-tuning actions to a specific team.
Azure Resource Manager (ARM) resource locks
Resource locks help prevent deletion or modification of Azure resources, but they do not provide the right permission model for controlling who can perform model fine-tuning operations.
Microsoft Entra Conditional Access
Conditional Access is mainly about sign-in and access conditions, such as device, location, or risk context. It is not the best direct control for restricting fine-tuning permissions inside Foundry.
Expert reasoning
Use this exam shortcut:
* Need to control access to enterprise data # think Purview access policies
* Need to restrict who can perform AI platform actions like fine-tuning # think RBAC in the AI platform So the correct mapping is:
* Restricts access to the grounding data: Microsoft Purview access policies
* Restricts model fine-tuning: Role-based access control (RBAC) in Microsoft Foundry