Should the answer be C. Contributor? Answer B, only allows the managing of the VM's and not the Virtual Networks as stated in the question.

Correct Answer: C Only Owner and Contributor can perform the actions, but we need to follow the least privilege principal, so Contributor. A: Owner- Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. B: Virtual Machine Contributor - Create and manage virtual machines, manage disks and disk snapshots, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC. C: Contributor - Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. D: Virtual Machine Administrator Login - View Virtual Machines in the portal and login as administrator. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Ref: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles Virtual Machine Contributor > B: Wrong Answer. Create and manage virtual machines, manage disks, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC. Correct answer > C. Contributor

I passed with these questions and many friends passed too, all questions appeared in the real exam a great study resource, contact me on [email protected]

I passed with these questions and many friends passed too, all questions appeared in the real exam a great study resource, contact me on [email protected]

The correct answer is B. Virtual Machine Contributor I took a test and got 90% with the C. Contributor option, and I retook the test with B and got 100%

Q was in exam 29th July 2023

'Contributor': because both vm and vnet need to be managed. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor

This was on exams on 21/7/2023. I selected C

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries

Was on the exam on 6/17/2023.

C. Contributor To ensure that User1 can deploy virtual machines and manage virtual networks with the principle of least privilege, you should assign the Contributor role to User1. The Contributor role provides permissions to create and manage Azure resources but does not grant excessive privileges like the Owner role. By assigning the Contributor role, User1 will have the necessary permissions to deploy virtual machines and manage virtual networks without having unrestricted access to other resources or the subscription management. The Virtual Machine Contributor role is more limited and focuses specifically on managing virtual machines. It does not include permissions to manage virtual networks, so it is not the most appropriate choice for this scenario. The Virtual Machine Administrator Login role is specific to Windows Virtual Desktop and grants permissions to manage the administrative accounts for virtual machines in a virtual desktop infrastructure. Therefore, the best option in this scenario is to assign the Contributor role to User1.

Keyword here is & Networks. Only the contributor role can manage the VM's and the Networks.

B. Virtual Machine Contributor. To meet the requirement of allowing User1 to deploy virtual machines and manage virtual networks with the principle of least privilege, the Virtual Machine Contributor role should be assigned to User1. This role allows User1 to manage virtual machines, but only those virtual machines for which they have been granted access. Additionally, this role provides permissions to manage the virtual network resources required to support the virtual machines. Assigning the Owner or Contributor role to User1 would provide more permissions than necessary, and therefore, does not follow the principle of least privilege. The Virtual Machine Administrator Login role does not provide the necessary permissions to deploy virtual machines or manage virtual networks.

This was on the exam today!

Answer is C. Because having user1 has role of "VirtualMachineContributor", User1 can Create and manage virtual machines, manage disks, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. But we cannot create VM as this role as dosen't having write access to Microsoft.Network/virtualNetworks Microsoft.Network/publicIPAddresses Microsoft.Network/networkSecurityGroups which stops VM creation.

On the 09/01/2023 exam