Should the answer be C. Contributor? Answer B, only allows the managing of the VM's and not the Virtual Networks as stated in the question.

Correct Answer: C Only Owner and Contributor can perform the actions, but we need to follow the least privilege principal, so Contributor. A: Owner- Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. B: Virtual Machine Contributor - Create and manage virtual machines, manage disks and disk snapshots, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC. C: Contributor - Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. D: Virtual Machine Administrator Login - View Virtual Machines in the portal and login as administrator. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Question is tricky, but it states "Least privilege" So answer C is correct

C is correct

The correct answer is B. Virtual Machine Contributor1. The Virtual Machine Contributor role allows a user to create and manage virtual machines, manage disks, install and run software, reset the password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions1. However, this role does not grant management access to the virtual network or storage account the virtual machines are connected to1. For managing virtual networks, User1 would also need the Network Contributor role1. This role lets you manage all networking resources, but not access to them1.

Contributor

Ref: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles Virtual Machine Contributor > B: Wrong Answer. Create and manage virtual machines, manage disks, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC. Correct answer > C. Contributor

I passed with these questions and many friends passed too, all questions appeared in the real exam a great study resource, contact me on [email protected]

I passed with these questions and many friends passed too, all questions appeared in the real exam a great study resource, contact me on [email protected]

The correct answer is B. Virtual Machine Contributor I took a test and got 90% with the C. Contributor option, and I retook the test with B and got 100%

Q was in exam 29th July 2023

'Contributor': because both vm and vnet need to be managed. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor

This was on exams on 21/7/2023. I selected C

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries

Was on the exam on 6/17/2023.

C. Contributor To ensure that User1 can deploy virtual machines and manage virtual networks with the principle of least privilege, you should assign the Contributor role to User1. The Contributor role provides permissions to create and manage Azure resources but does not grant excessive privileges like the Owner role. By assigning the Contributor role, User1 will have the necessary permissions to deploy virtual machines and manage virtual networks without having unrestricted access to other resources or the subscription management. The Virtual Machine Contributor role is more limited and focuses specifically on managing virtual machines. It does not include permissions to manage virtual networks, so it is not the most appropriate choice for this scenario. The Virtual Machine Administrator Login role is specific to Windows Virtual Desktop and grants permissions to manage the administrative accounts for virtual machines in a virtual desktop infrastructure. Therefore, the best option in this scenario is to assign the Contributor role to User1.

Keyword here is & Networks. Only the contributor role can manage the VM's and the Networks.