Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AZ-104 topic 2 question 36 discussion

Actual exam question from Microsoft's AZ-104
Question #: 36
Topic #: 2
[All AZ-104 Questions]

You have an Azure subscription that contains a user named User1.
You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.
Which role-based access control (RBAC) role should you assign to User1?

  • A. Owner
  • B. Virtual Machine Contributor
  • C. Contributor
  • D. Virtual Machine Administrator Login
Show Suggested Answer Hide Answer
Suggested Answer: C ūüó≥ÔłŹ
Contributor: Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC
Incorrect Answers:
A: Owner: Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.
B: Virtual Machine Contributor: Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
D: Virtual Machine Administrator Login: View Virtual Machines in the portal and login as administrator.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
wooyourdaddy
Highly Voted 3 years ago
Should the answer be C. Contributor? Answer B, only allows the managing of the VM's and not the Virtual Networks as stated in the question.
upvoted 224 times
Holydud
1 year, 3 months ago
Was on exam 19 Aug 2022. Scored 870. Answered C
upvoted 18 times
TDsysadmin
1 year, 3 months ago
did you prepare from this dump only?
upvoted 6 times
...
...
alessioferrario
2 years, 9 months ago
I agree
upvoted 1 times
...
Miles19
2 years, 8 months ago
You are right, definitely, we need to assign a role of contributor, as the virtual machine contributor isn't enough - can't even manage the virtual networks to which the VM is attached to. See details: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 1 times
...
ciscogeek
2 years, 8 months ago
Whatever Manage means by Microsoft standards, as per the doc they say, VM Contributor can manage. Virtual Machine Contributor Lets you "manage" virtual machines, but not access to them, and not the virtual network or storage account they're connected to. I would go for B.
upvoted 2 times
brico
2 years, 5 months ago
Can't be B. As you mentioned in your response, "and not the virtual network...". C is the correct answer.
upvoted 8 times
Hari2017
1 year, 9 months ago
Answer is C because though the question says least privilege it should meet both the conditions of managing VMs & VNets.
upvoted 5 times
...
...
Gadzee
1 year, 10 months ago
I would go for B taking into account that they say "least privilege"
upvoted 4 times
Broniac
1 year, 9 months ago
yes but, with B you can only achieve to manage VMs not Vnets which is also mentioned.
upvoted 9 times
...
...
Deputy7
1 year, 9 months ago
Bro, It is User1 can deploy virtual machines and manage virtual networks. So, Definitely C.
upvoted 2 times
...
...
...
mlantonis
Highly Voted 2 years, 6 months ago
Correct Answer: C Only Owner and Contributor can perform the actions, but we need to follow the least privilege principal, so Contributor. A: Owner- Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. B: Virtual Machine Contributor - Create and manage virtual machines, manage disks and disk snapshots, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC. C: Contributor - Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. D: Virtual Machine Administrator Login - View Virtual Machines in the portal and login as administrator. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 141 times
...
TSKARAN
Most Recent 1 week, 3 days ago
Selected Answer: C
Ref: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles Virtual Machine Contributor > B: Wrong Answer. Create and manage virtual machines, manage disks, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC. Correct answer > C. Contributor
upvoted 1 times
...
mattpaul
1 month, 2 weeks ago
I passed with these questions and many friends passed too, all questions appeared in the real exam a great study resource, contact me on [email protected]
upvoted 1 times
...
mattpaul
1 month, 2 weeks ago
I passed with these questions and many friends passed too, all questions appeared in the real exam a great study resource, contact me on [email protected]
upvoted 1 times
...
Dong_St
2 months, 1 week ago
The correct answer is B. Virtual Machine Contributor I took a test and got 90% with the C. Contributor option, and I retook the test with B and got 100%
upvoted 2 times
...
Kr1s
4 months, 1 week ago
Q was in exam 29th July 2023
upvoted 4 times
...
Mehedi007
4 months, 2 weeks ago
Selected Answer: C
'Contributor': because both vm and vnet need to be managed. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor
upvoted 1 times
...
NYTK
4 months, 3 weeks ago
This was on exams on 21/7/2023. I selected C
upvoted 2 times
...
raj24051961
5 months, 1 week ago
Selected Answer: C
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries
upvoted 1 times
...
kmsalman
5 months, 3 weeks ago
Was on the exam on 6/17/2023.
upvoted 1 times
...
Athul07
6 months, 1 week ago
C. Contributor To ensure that User1 can deploy virtual machines and manage virtual networks with the principle of least privilege, you should assign the Contributor role to User1. The Contributor role provides permissions to create and manage Azure resources but does not grant excessive privileges like the Owner role. By assigning the Contributor role, User1 will have the necessary permissions to deploy virtual machines and manage virtual networks without having unrestricted access to other resources or the subscription management. The Virtual Machine Contributor role is more limited and focuses specifically on managing virtual machines. It does not include permissions to manage virtual networks, so it is not the most appropriate choice for this scenario. The Virtual Machine Administrator Login role is specific to Windows Virtual Desktop and grants permissions to manage the administrative accounts for virtual machines in a virtual desktop infrastructure. Therefore, the best option in this scenario is to assign the Contributor role to User1.
upvoted 1 times
...
emptyH
6 months, 2 weeks ago
Keyword here is & Networks. Only the contributor role can manage the VM's and the Networks.
upvoted 1 times
...
hz78
7 months, 4 weeks ago
B. Virtual Machine Contributor. To meet the requirement of allowing User1 to deploy virtual machines and manage virtual networks with the principle of least privilege, the Virtual Machine Contributor role should be assigned to User1. This role allows User1 to manage virtual machines, but only those virtual machines for which they have been granted access. Additionally, this role provides permissions to manage the virtual network resources required to support the virtual machines. Assigning the Owner or Contributor role to User1 would provide more permissions than necessary, and therefore, does not follow the principle of least privilege. The Virtual Machine Administrator Login role does not provide the necessary permissions to deploy virtual machines or manage virtual networks.
upvoted 2 times
...
Hongzu13
10 months, 3 weeks ago
This was on the exam today!
upvoted 3 times
...
Kishore_Ahmed
10 months, 3 weeks ago
Answer is C. Because having user1 has role of "VirtualMachineContributor", User1 can Create and manage virtual machines, manage disks, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. But we cannot create VM as this role as dosen't having write access to Microsoft.Network/virtualNetworks Microsoft.Network/publicIPAddresses Microsoft.Network/networkSecurityGroups which stops VM creation.
upvoted 1 times
...
typales2005
11 months ago
Selected Answer: C
On the 09/01/2023 exam
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...