Exam AZ-104 All QuestionsBrowse all questions from this exam
Go to Exam
Question 74

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.

Solution: You assign the Owner role at the subscription level to Admin1.

Does this meet the goal?

    Correct Answer: A

    Assigning the Owner role at the subscription level to Admin1 meets the goal because the Owner role provides full access to all resources within the subscription. This includes the ability to enable and configure Traffic Analytics, ensuring that Admin1 has the necessary permissions and control to manage this feature effectively.

Discussion
mlantonisOption: A

Correct Answer: A Your account must have any one of the following Azure roles at the subscription scope: Owner, Contributor, Reader, or Network Contributor. Network Contributor role - Lets you manage networks, but not access to them. Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. Reference: https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics#user-access-requirements https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Rockysekhon

mlantonis i read the question to enable not to view only etc.

RithuNethraOption: A

correct answer

DrMiyuOption: B

Agree that YES the Owner gives enough right to do it BUT it gives too much also. The purpose is to "assign the required role to enable Traffic Analytics". Not to more ... So I wouldn't give the owner ship ... This is tricky question, it should be removed from the exam as it can lead to miss configuration.

techtest848

Agreed. Otherwise the question should say using 'least privilege'

kklohitOption: B

No, assigning the Network Contributor role at the subscription level to Admin1 does not meet the goal of enabling Traffic Analytics. The Network Contributor role provides the ability to manage network resources, but it does not include the necessary permissions to configure Traffic Analytics. To enable Traffic Analytics, Admin1 needs to be assigned the Network Contributor role on the resource group where the virtual network that is being monitored by Traffic Analytics is located, and also needs to have read permissions to the storage account where the Traffic Analytics data is stored.

Durden871

Great answer, but you voted on the wrong question. Solution: You assign the Owner role at the subscription level to Admin1.

ignorica

still even for the former question if you look in the docs: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics network contributor at subscription level is still OK (it does require adding this as extra/custom: 1 Network contributor doesn't cover Microsoft.OperationalInsights/workspaces/* actions.)

3c5adceOption: B

Answer B - The key word that indicates that the answer B is correct is "enable." The goal is to ensure that an Azure AD user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription. This implies that the user needs permissions to configure or activate Traffic Analytics, not just view or read its data. Therefore, simply assigning the Reader role, which provides read-only access, does not fulfill the requirement to enable Traffic Analytics.

raj24051961Option: A

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.

Athul07Option: A

A. Yes Assigning the Owner role at the subscription level to Admin1 meets the goal of enabling Traffic Analytics for an Azure subscription. The Owner role has full access to all resources within the subscription, including the ability to enable Traffic Analytics. By assigning the Owner role to Admin1 at the subscription level, Admin1 will have the necessary permissions and control to enable and configure Traffic Analytics for the Azure subscription. Therefore, the provided solution meets the goal.

NaoVazOption: A

A) "Yes" One of the following Azure built-in roles needs to be assigned to your account: - Owner - Contributor - Reader - Network Contributor Reference: https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics#user-access-requirements

ager2rOption: A

Read access is enough for analysis

tashakoriOption: A

Yes is right

kondOption: B

Copilot: No, assigning the Owner role to Admin1 does not meet the goal of enabling Traffic Analytics for an Azure subscription. The Owner role provides full control over the entire subscription, including resources and access management. However, it is not specific to enabling or configuring Traffic Analytics. To achieve the goal, you should assign a role that specifically grants permissions related to Traffic Analytics, such as the Log Analytics Contributor role. This role allows users to manage and configure Log Analytics workspaces, which includes enabling features like Traffic Analytics. Therefore, consider assigning the Log Analytics Contributor role to Admin1 to meet the goal effectively.

ELearn

Copilot now: Yes, assigning the Owner role at the subscription level to Admin1 does meet the goal. The Owner role has full access to all resources including the right to delegate access to others. This means they can enable and configure Traffic Analytics for the subscription.

learnboy123Option: B

https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics

EwoutBI

Doesn't that link confirm answer A? One of the following Azure built-in roles needs to be assigned to your account: Owner

Mehedi007Option: A

https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#network-contributor

Mehedi007

https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#owner

habbeyOption: A

Yes. A is correct. Owner have full access to resources.

KennethLZKOption: A

Correct

MayurSinghOption: A

A is correct

manalshowaeiOption: A

A. Yes is correct