Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AZ-104 topic 2 question 35 discussion

Actual exam question from Microsoft's AZ-104
Question #: 35
Topic #: 2
[All AZ-104 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Reader role at the subscription level to Admin1.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A ūüó≥ÔłŹ
Your account must meet one of the following to enable traffic analytics:
Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
asmodeus
Highly Voted 3 years, 7 months ago
Traffic Analytics requires the following prerequisites: A Network Watcher enabled subscription. Network Security Group (NSG) flow logs enabled for the NSGs you want to monitor. An Azure Storage account, to store raw flow logs. An Azure Log Analytics workspace, with read and write access. Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.
upvoted 100 times
visave
3 years, 7 months ago
As per your description the answer is A. could you please paste the source of the information.
upvoted 2 times
Nicodebian
3 years, 7 months ago
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq
upvoted 5 times
...
...
xMilkyMan123
3 years ago
https://github.com/MicrosoftDocs/azure-docs/issues/77499 Dont believe everything you read on the internet. Go and test things for yourself. Even Microsoft official articles can misword things sometimes
upvoted 24 times
IAGirl
2 years, 1 month ago
Pls don't believe everything you read on the internet! To Enable Traffic Analytics your account must be a member of one of the following Azure built-in roles: Owner, Contributor, Reader, Network Contributor or you can create a custom role with the following actions at the subscription level: "Microsoft.Network/applicationGateways/read" "Microsoft.Network/connections/read" "Microsoft.Network/loadBalancers/read" "Microsoft.Network/localNetworkGateways/read" "Microsoft.Network/networkInterfaces/read" "Microsoft.Network/networkSecurityGroups/read" "Microsoft.Network/publicIPAddresses/read" "Microsoft.Network/routeTables/read" "Microsoft.Network/virtualNetworkGateways/read" "Microsoft.Network/virtualNetworks/read" "Microsoft.Network/expressRouteCircuits/read" https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics TESTED
upvoted 12 times
mbaybarsk
2 years, 1 month ago
That's not what the link you've provided say anymore: It now refers to "access" which is not the same thing as "enable".
upvoted 5 times
...
...
juniorccs
2 years, 11 months ago
I agree with you
upvoted 2 times
...
...
visave
3 years, 7 months ago
got it. https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq#:~:text=Your%20account%20must%20meet%20one,%2C%20reader%2C%20or%20network%20contributor.
upvoted 7 times
MountainW
3 years, 3 months ago
The key is to enable, not to use. The article is about to use. The answer is not correct.
upvoted 12 times
JayBee65
3 years, 1 month ago
The requirements above state.. Your account must meet one of the following to ***enable**** traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, ***reader***, or network contributor. So it is correct
upvoted 10 times
jot2
2 years, 6 months ago
The article is wrong in this case. I tried it out. A user with Reader role can't enable Traffic Analytics.
upvoted 9 times
NadirM_18
2 years, 3 months ago
According to this link, they can enable Traffic Analytics: https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
upvoted 2 times
...
...
...
...
...
Chang401
1 year, 9 months ago
agree we can enable TA. use the below link for answer. https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq#what-are-the-prerequisites-to-use-traffic-analytics-
upvoted 3 times
...
...
mlantonis
Highly Voted 3 years, 2 months ago
Correct Answer: A - Yes Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor. Reader role - View all resources, but does not allow you to make any changes. Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. Reference: https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics#user-access-requirements https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 96 times
hercu
3 years ago
I think the answer is correct as it's assumed that the prerequisites to use traffic analytics are already met. Refering to: https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq#what-are-the-prerequisites-to-use-traffic-analytics- As a result, as stated just few lines below, all following roles: Owner, Contributor, Reader, or Network Contributor are sufficient to enable Traffic Analytics.
upvoted 3 times
...
xupiter
3 years ago
"Reader role - View all resources, but does not allow you to make any changes." So that means this role doesn't allow you to enable traffic analytics. So it cannot be "Yes".
upvoted 20 times
Mozbius_
2 years, 5 months ago
Yet it is "Yes". You can blame Microsoft for the confusion. https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq
upvoted 8 times
GoldenDisciple2
11 months, 1 week ago
According to Microsoft, the sky is up, but the answer is down. To Microsoft, the ocean is wet but the answer is dry, the desert is dry but on the exam you must select wet or you'll get it wrong... According to Microsoft, the air in space is breathable... Let me explain. The earth has breathable air and the earth is in space, therefor, the air in space is breathable...
upvoted 10 times
shahidsayyed
8 months, 4 weeks ago
You should try standup comedy as an alternative career. Got into wrong profession.
upvoted 3 times
...
...
...
...
...
Matsane
Most Recent 2 weeks ago
No, assigning the Reader role to Admin1 does not meet the goal. The Reader role only provides read-only access to resources and does not grant the necessary permissions to enable Traffic Analytics. To enable Traffic Analytics, Admin1 requires the Network Contributor role or a higher role like the Contributor or Owner role, which grants the necessary permissions to configure and manage network resources, including Traffic Analytics. You should assign the Network Contributor role (or a higher role) at the subscription level to Admin1 to meet the goal.
upvoted 2 times
...
amurp35
3 weeks, 1 day ago
Selected Answer: B
Please see the actual doc: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites Reader role is not enough: One of the following Azure built-in roles needs to be assigned to your account: Deployment model Role Resource Manager Owner Contributor Network contributor 1 and Monitoring contributor 2
upvoted 2 times
...
3ba6d0b
1 month, 1 week ago
Selected Answer: B
Assigning the Reader role at the subscription level to Admin1 does not meet the goal. The Reader role provides read-only access to Azure resources, which allows viewing information but not configuring or enabling features like Traffic Analytics. To enable Traffic Analytics, Admin1 would need more permissions, typically provided by roles such as Network Contributor or Contributor. These roles allow configuring network resources and settings necessary to enable Traffic Analytics.
upvoted 3 times
...
frvr
1 month, 1 week ago
Selected Answer: B
https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites:~:text=Deployment%20model-,Role,-Resource%20Manager
upvoted 1 times
...
SofiaLorean
1 month, 2 weeks ago
Selected Answer: B
B. No Assigning the Reader role at the subscription level to Admin1 does not meet the goal of enabling Traffic Analytics for an Azure subscription. The Reader role has permissions to view resources but does not allow for any write operations, which are required to enable Traffic Analytics. To enable Traffic Analytics, Admin1 would need to be assigned a role that has write permissions, such as the Owner, Contributor, or a custom role with specific permissions for Traffic Analytics
upvoted 2 times
...
3c5adce
2 months, 1 week ago
No. Access but not enable.
upvoted 1 times
...
SinopsysHK
2 months, 2 weeks ago
Hello, seems that there was a typo in Azure documentation and Reader (read only, cannot make any change) cannot enable Traffic Analytics: cf https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites "One of the following Azure built-in roles needs to be assigned to your account: Owner, Contributor, Network contributor,and Monitoring contributor" Hence answer is B.
upvoted 2 times
...
3c5adce
2 months, 2 weeks ago
NO - to enable Traffic Analytics for an Azure subscription, Admin1 should be assigned the Network Watcher Contributor or Owner, Contributor, User Access Administrator, Security Administrator
upvoted 1 times
...
pverma20
3 months ago
Correct Answer - No (Confirmed, check below documentation) If you enable Traffic Analytics for sure, it require some write access to capture and write the logs. We need to be Logical. https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics Prerequisites Traffic analytics requires the following prerequisites: A Network Watcher enabled subscription. For more information, see Enable or disable Azure Network Watcher. NSG flow logs enabled for the network security groups you want to monitor or VNet flow logs enabled for the virtual network you want to monitor. For more information, see Create a flow log or Enable VNet flow logs. An Azure Log Analytics workspace with read and write access. For more information, see Create a Log Analytics workspace. One of the following Azure built-in roles needs to be assigned to your account: Expand table Deployment model Role Resource Manager Owner Contributor Network contributor 1 and Monitoring contributor 2
upvoted 2 times
...
Annie_5
3 months ago
Selected Answer: B
It seems reader role cannot enable traffic analytics. It can view it.
upvoted 3 times
...
6f80f6c
3 months ago
Selected Answer: B
Answer is B, NO. supporting : https://learn.microsoft.com/en-us/answers/questions/1330227/what-role-is-required-to-be-enabled-at-subscriptio
upvoted 1 times
...
Nushin
3 months ago
Owner Contributor Network contributor 1 and Monitoring contributor 2
upvoted 1 times
...
Jobalos009
3 months, 2 weeks ago
Selected Answer: B
The answer is B https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics
upvoted 1 times
...
MelKr
3 months, 3 weeks ago
Selected Answer: B
According to current documentation B is correct. https://learn.microsoft.com/en-us/azure/network-watcher/required-rbac-permissions#traffic-analytic: "Since traffic analytics is enabled as part of the Flow log resource, the following permissions are required in addition to all the required permissions for Flow logs". I believe that the permission "Microsoft.Network/networkWatchers/configureFlowLog/action" is not part of the Reader role. Also, "Microsoft.OperationalInsights/workspaces/sharedkeys/action" is not in the Reader role.
upvoted 2 times
...
_gio_
3 months, 4 weeks ago
Selected Answer: B
No as explained here: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in