The diagram you see here is a must know for understanding how access is authorized in Azure.
Start with the concept of a security principal: This could be a user, a group, a service principal, or a managed identity. So remember those.
Design service principals for applications
Then you’ve got role assignments which link identities to role definitions. These are basically your permission so you’ll need to know how those are set up within there.
Next up is the scope. This is all about where the access policies are applied. So practice going through and doing these things.
And who gets access is a great question. What can they do? And where can they do it is key to understanding the exam.
One of the things you want to keep in mind is expect to see the structure shown in your exam, especially in questions about RBAC, role based access control, and general access control.
Links:
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
https://learn.microsoft.com/en-us/azure/active-directory/governance/identity-governance-applications-prepare
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-pta