ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 61 discussion

Actual exam question from Microsoft's MS-500
Question #: 61
Topic #: 1
[All MS-500 Questions]

You have a hybrid deployment of Azure Active Directory (Azure AD) that contains two users named User1 and User2.
You need to assign Role Based Access Control (RBAC) roles to User1 and User2 to meet the following requirements:
✑ Use the principle of least privilege.
✑ Enable User1 to view sync errors by using Azure AD Connect Health.
✑ Enable User2 to configure Azure Active Directory Connect Health Settings.
Which two roles should you assign? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. The Monitoring Reader role in Azure AD Connect Health to User1
  • B. The Security reader role in Azure AD to User1
  • C. The Reports reader role in Azure AD to User1
  • D. The Contributor role in Azure AD Connect Health to User2
  • E. The Monitoring Contributor role in Azure AD Connect Health to User2
  • F. The Security operator role in Azure AD to User2
Show Suggested Answer Hide Answer
Suggested Answer: AE 🗳️
A: The Monitoring Reader can read all monitoring data (metrics, logs, etc.).
Note: Assign the Monitoring reader role to the Azure Active Directory application on the subscription, resource group or resource you want to monitor.
E: Monitoring Contributor can read all monitoring data and edit monitoring settings.
Incorrect:
Not B: Security Reader can view permissions for Security Center. Can view recommendations, alerts, a security policy, and security states, but cannot make changes
Not D: Contributor grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
by billo79152718 at Sept. 16, 2022, 2:35 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
KarimaMaf
2 years ago
A and D Monitoring reader to read monitoring data about the ressource ad connect health D because we need to change the settings of the ressource so we need the role contributor of ad connect health cause monitoring contributor can be used only to change monitoring setting pf ad connect healt and not the ressource settings
upvoted 1 times
...
Tanasi
2 years, 1 month ago
These questions are so so bullshit. Why do I have to remember each miniscule role.
upvoted 3 times
...
AJCG
2 years, 2 months ago
@jay_op do not provide incorrect information unless you have checked . Monitoring reader role does exist.
upvoted 1 times
...
kmk_01
2 years, 3 months ago
Selected Answer: AD
There is no monitoring reader role in Azure AD Connect Health, but there is a reader role.
upvoted 1 times
examdj101j
2 years, 2 months ago
I have the same exact question in another exam prep and the answer is AD.
upvoted 1 times
...
...
msysadmin
2 years, 4 months ago
Correct Answers AD, Azure AD Connect Health supports the following built-in roles: Role Permissions Owner Owners can manage access (for example, assign a role to a user or group), view all information (for example, view alerts) from the portal, and change settings (for example, email notifications) within Azure AD Connect Health. By default, Azure AD Hybrid Identity Administrators are assigned this role, and this cannot be changed. Contributor Contributors can view all information (for example, view alerts) from the portal, and change settings (for example, email notifications) within Azure AD Connect Health. Reader Readers can view all information (for example, view alerts) from the portal within Azure AD Connect Health. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations
upvoted 1 times
...
fjfg
2 years, 5 months ago
Selected Answer: AD
For the second role I would select the Contributor role in AAC Connect Health (Option D) rather than the Monitoring Contributor role (option E), which doesn´t exist in the latest documentation, AFAIK https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations#manage-access-with-azure-rbac https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#connect-health
upvoted 1 times
Tanasi
2 years, 1 month ago
You cannot find it in the documentation, but it is in the portal. https://portal.azure.com/#view/Microsoft_Azure_ADHybridHealth/AadHealthMenuBlade/~/RBAC_IAM
upvoted 1 times
...
...
ccadenasa
2 years, 7 months ago
answer is correct and can be validated here > https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations#manage-access-with-azure-rbac
upvoted 3 times
...
billo79152718
2 years, 9 months ago
correct
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel