Examice

Exam AZ-500 All QuestionsBrowse all questions from this exam

Go to Exam

Question 103

You have an Azure subscription that contains the resources shown in the following table.

You need to ensure that ServerAdmins can perform the following tasks:

✑ Create virtual machines in RG1 only.

✑ Connect the virtual machines to the existing virtual networks in RG2 only.

The solution must use the principle of least privilege.

Which two role-based access control (RBAC) roles should you assign to ServerAdmins? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

a custom RBAC role for RG2

the Network Contributor role for RG2

the Contributor role for the subscription

a custom RBAC role for the subscription

the Network Contributor role for RG1

the Virtual Machine Contributor role for RG1

Correct Answer: B, F

To allow ServerAdmins to create virtual machines in RG1, the Virtual Machine Contributor role is appropriate because it grants permissions to manage virtual machines without allowing broader administrative access. For connecting the virtual machines to the existing virtual networks in RG2, the Network Contributor role for RG2 should be assigned. This role provides the necessary permissions to manage network interfaces and virtual networks without granting excessive permissions beyond what is required.

Discussion

EltoothOptions: AF

A. a custom RBAC role for RG2 - would provide least priv over RG2 B. the Network Contributor role for RG2 - provides too much priv over RG2 C. the Contributor role for the subscription - Cannot be C D. a custom RBAC role for the subscription - to much permission E. the Network Contributor role for RG1 - Cannot be E F. the Virtual Machine Contributor role for RG1 - required to create VM's Therefore A and F would provide least priv to perform tasks.

machado

How can D. be too much permission if it's custom and you can select scopes?

in_da_cloud

Because the scope is bigger than required - it would apply the permission on subscription instead of only RG.

thienvuptOptions: BF

BF for my choose

xavi1

not B, seems does not include virtual machine connection: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#network-contributor

BillBaits

For me this is part of Microsoft.Network/* https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#network-contributor So I think BF is correct

AS179Options: AF

correct

zellckOptions: AF

AF is the answer. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor Create and manage virtual machines, manage disks, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC.

zellck

Gotten this in May 2023 exam.

Payday123Options: AD

We can create custom RBAC role for the subscription and give it assignable scope to the resource group. Then assign it to this resource group. This will give users "least privileges".

machado

I thought the same and selected A. and D.

Ivan80

In exam 1/28/24

stepman

I forgot what I chose, but this was On exam 4/27 with the new exam experience. No Sim or lab.

somenickOptions: AF

B is not ok because it allows to create networks, support tickets, manage monitoring - so too much.

Innovite

Least priv.. so provided answer is right..

mrt007Options: BF

The correct answers are F. the Virtual Machine Contributor role for RG1 and B. the Network Contributor role for RG2. Assigning the Virtual Machine Contributor role for RG1 will allow ServerAdmins to create virtual machines in RG1. Assigning the Network Contributor role for RG2 will allow ServerAdmins to connect the virtual machines to the existing virtual networks in RG2

BigShot0Options: AF

Not B - Network Contributor does not have Microsoft.Network/networkInterfaces/*

rameezali

Although network contributor is not the right answer because it gives you way more permissions than to attach a NIC, but the role network contributor does have Microsoft.Network/* https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface?tabs=azure-portal#permissions

starnbOptions: BF

The correct answer is B and F

rasmartOptions: BF

RBAC have too much privileged

xRiot007Options: AF

Correct answers are : A - a custom RBAC role for RG2, providing least privilege - any other answer/explanations are incorrect. F - the virtual Machine Contributor on RG1 - this is the best option from the listed ones, any other answer is incorrect. An even better option than this would be a custom RBAC role on RG1.

CHIEF101HOptions: AF

A. a custom RBAC role for RG2 - would provide least priv over RG2 & F.the Virtual Machine Contributor role for RG1 - required to create VM's

_fvtOptions: DF

You cannot create a VM without being able to attach it's network Interfaces to a VNet. The only working option in definitive is: D - A Custom role for attaching the network cards on the Subscription level, F - VM contributor on RG1.

tath

need guidance for clearing az-500 exam

Ajdlfasudfo0

step one: learn step two: pass exam step three: profit

chikorita

step four: renew certification (REPEATTT)