Exam AZ-104 topic 2 question 35 discussion

Traffic Analytics requires the following prerequisites: A Network Watcher enabled subscription. Network Security Group (NSG) flow logs enabled for the NSGs you want to monitor. An Azure Storage account, to store raw flow logs. An Azure Log Analytics workspace, with read and write access. Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.

Correct Answer: A - Yes Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor. Reader role - View all resources, but does not allow you to make any changes. Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. Reference: https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics#user-access-requirements https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

NO, reader doesn't fulfill the request

No. Agree with the others. I'm guessing over time MS article has been updated but currently looks like reader can't perform the required function; https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics

"Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor." https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq

B. No as MS learn: required Roles at the subscription scope: owner, contributor, or network contributor)

According to recent updates its changed so answer is NO. Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor.

OpenAI "Assigning the Reader role to Admin1 only grants read-only access to the Azure subscription. This means that Admin1 will be able to view resources in the subscription, but will not be able to make any changes or enable features such as Traffic Analytics. To enable Traffic Analytics for an Azure subscription, Admin1 needs to be assigned the Network Contributor or Network Security Manager role at the subscription level or at the resource group level that contains the resources to be analyzed. These roles provide the necessary permissions to enable and configure Traffic Analytics. Therefore, assigning the Reader role to Admin1 does not meet the goal of enabling Traffic Analytics for the Azure subscription."

https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq What are the prerequisites to use traffic analytics? Traffic analytics requires the following prerequisites: A Network Watcher enabled subscription. NSG flow logs enabled for the network security groups you want to monitor. An Azure storage account, to store raw flow logs. An Azure Log Analytics workspace, with read and write access. Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor.

Answer is NO. The msdocs have been ammended: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq "Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor." Reader is not there anymore

Answer is NO. The msdocs have been ammended: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq "Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor." Reader is not there anymore

Just copied this from the site. Maybe they have updated the documentation Traffic analytics requires the following prerequisites: A Network Watcher enabled subscription. NSG flow logs enabled for the network security groups you want to monitor. An Azure storage account, to store raw flow logs. An Azure Log Analytics workspace, with read and write access. Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, or network contributor.

NO. Assigning the Reader role at the subscription level to Admin1 will only allow them to view the resources in the subscription and will not provide the necessary permissions to enable Traffic Analytics. The Reader role is a read-only role, which means that Admin1 will not be able to make any changes to the resources or enable any features. Therefore, the solution mentioned in the scenario is not sufficient to meet the goal of ensuring that Admin1 is assigned the required role to enable Traffic Analytics for the Azure subscription.

was on today's exam passed with 830 score

Its A.

https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.

No, assigning the Reader role at the subscription level to Admin1 does not meet the goal of enabling Traffic Analytics for the Azure subscription. The Reader role only provides read-only access to the resources within the subscription, it does not grant the permission to configure Traffic Analytics or any other monitoring-related services.