Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Exam AZ-104 topic 2 question 35 discussion

Actual exam question from Microsoft's AZ-104
Question #: 35
Topic #: 2
[All AZ-104 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Reader role at the subscription level to Admin1.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Your account must meet one of the following to enable traffic analytics:
Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.
Reference:
https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
asmodeus
Highly Voted 2 years, 5 months ago
Traffic Analytics requires the following prerequisites: A Network Watcher enabled subscription. Network Security Group (NSG) flow logs enabled for the NSGs you want to monitor. An Azure Storage account, to store raw flow logs. An Azure Log Analytics workspace, with read and write access. Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.
upvoted 85 times
rodolfodc
3 weeks, 3 days ago
Answer is NO. Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor.
upvoted 7 times
...
mac_ani
3 weeks, 5 days ago
Answer is NO. Refer the following link: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor.
upvoted 9 times
...
UWSFish
1 month, 1 week ago
My take is that both the question and documentation are wrong...accordingly MSFT will mark A as the correct answer. But...I mean go ahead and try crating a storage account or enabling flow logs with reader. Can't do it. Regardless, I highly doubt Microsoft will mark what their own documentation says wrong.
upvoted 1 times
...
nNeo
2 years ago
Although the article specified, but reader role can't change (or enable) "Traffic Analytics status" setting in NSG flow log settings. IMO, that article should be edited.
upvoted 11 times
...
...
mlantonis
Highly Voted 2 years ago
Correct Answer: A - Yes Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor. Reader role - View all resources, but does not allow you to make any changes. Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. Reference: https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics#user-access-requirements https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 80 times
hercu
1 year, 11 months ago
I think the answer is correct as it's assumed that the prerequisites to use traffic analytics are already met. Refering to: https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq#what-are-the-prerequisites-to-use-traffic-analytics- As a result, as stated just few lines below, all following roles: Owner, Contributor, Reader, or Network Contributor are sufficient to enable Traffic Analytics.
upvoted 2 times
...
xupiter
1 year, 11 months ago
"Reader role - View all resources, but does not allow you to make any changes." So that means this role doesn't allow you to enable traffic analytics. So it cannot be "Yes".
upvoted 10 times
Mozbius_
1 year, 4 months ago
Yet it is "Yes". You can blame Microsoft for the confusion. https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq
upvoted 6 times
...
...
...
TestKingTW
Most Recent 2 days, 11 hours ago
Selected Answer: B
NO, reader doesn't fulfill the request
upvoted 1 times
...
RandomNickname
5 days ago
Selected Answer: B
No. Agree with the others. I'm guessing over time MS article has been updated but currently looks like reader can't perform the required function; https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics
upvoted 2 times
...
vikasshetty296
6 days, 5 hours ago
Selected Answer: B
"Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor." https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq
upvoted 2 times
...
Andreas_Czech
6 days, 7 hours ago
Selected Answer: B
B. No as MS learn: required Roles at the subscription scope: owner, contributor, or network contributor)
upvoted 2 times
...
Sandy0112
2 weeks, 2 days ago
According to recent updates its changed so answer is NO. Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor.
upvoted 1 times
...
Exilic
2 weeks, 4 days ago
Selected Answer: B
OpenAI "Assigning the Reader role to Admin1 only grants read-only access to the Azure subscription. This means that Admin1 will be able to view resources in the subscription, but will not be able to make any changes or enable features such as Traffic Analytics. To enable Traffic Analytics for an Azure subscription, Admin1 needs to be assigned the Network Contributor or Network Security Manager role at the subscription level or at the resource group level that contains the resources to be analyzed. These roles provide the necessary permissions to enable and configure Traffic Analytics. Therefore, assigning the Reader role to Admin1 does not meet the goal of enabling Traffic Analytics for the Azure subscription."
upvoted 1 times
...
kachniarzk
1 month ago
Selected Answer: B
https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq What are the prerequisites to use traffic analytics? Traffic analytics requires the following prerequisites: A Network Watcher enabled subscription. NSG flow logs enabled for the network security groups you want to monitor. An Azure storage account, to store raw flow logs. An Azure Log Analytics workspace, with read and write access. Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor.
upvoted 4 times
...
Chris76
1 month ago
Selected Answer: B
Answer is NO. The msdocs have been ammended: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq "Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor." Reader is not there anymore
upvoted 6 times
...
Chris76
1 month ago
Answer is NO. The msdocs have been ammended: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq "Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor." Reader is not there anymore
upvoted 4 times
...
C_M_M
1 month, 1 week ago
Just copied this from the site. Maybe they have updated the documentation Traffic analytics requires the following prerequisites: A Network Watcher enabled subscription. NSG flow logs enabled for the network security groups you want to monitor. An Azure storage account, to store raw flow logs. An Azure Log Analytics workspace, with read and write access. Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor.
upvoted 6 times
ericZX
1 month ago
Yes, there is no 'reader' anymore Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor. https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq
upvoted 2 times
...
...
hz78
1 month, 1 week ago
NO. Assigning the Reader role at the subscription level to Admin1 will only allow them to view the resources in the subscription and will not provide the necessary permissions to enable Traffic Analytics. The Reader role is a read-only role, which means that Admin1 will not be able to make any changes to the resources or enable any features. Therefore, the solution mentioned in the scenario is not sufficient to meet the goal of ensuring that Admin1 is assigned the required role to enable Traffic Analytics for the Azure subscription.
upvoted 2 times
...
Aluksy
1 month, 2 weeks ago
was on today's exam passed with 830 score
upvoted 3 times
...
sankar07
1 month, 3 weeks ago
Its A.
upvoted 1 times
...
sasa33_p
2 months, 1 week ago
Selected Answer: A
https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.
upvoted 1 times
...
ruqing888
2 months, 1 week ago
Selected Answer: B
No, assigning the Reader role at the subscription level to Admin1 does not meet the goal of enabling Traffic Analytics for the Azure subscription. The Reader role only provides read-only access to the resources within the subscription, it does not grant the permission to configure Traffic Analytics or any other monitoring-related services.
upvoted 2 times
qjack
2 months, 1 week ago
https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq "Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor."
upvoted 2 times
ruqing888
2 months ago
My bad! I agree with you actually will choose A.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...