HOTSPOT -
You have the hierarchy of Azure resources shown in the following exhibit.
RG1, RG2, and RG3 are resource groups.
RG2 contains a virtual machine named VM2.
You assign role-based access control (RBAC) roles to the users shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct answers. 1) Yes Source : https://docs.microsoft.com/fr-fr/azure/governance/management-groups/overview 2) Yes The role has this rights : Microsoft.Compute/virtualMachines/* Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. Execute predefined scripts on virtual machines. Source : https://docs.microsoft.com/fr-fr/azure/role-based-access-control/built-in-roles#virtual-machine-contributor 3) No Virtual Machine Administrator Login -> View Virtual Machines in the portal and login as administrator Source : https://docs.microsoft.com/fr-fr/azure/role-based-access-control/built-in-roles
Microsoft.Compute/virtualMachines/loginAsAdmin/action Log in to a virtual machine with Windows administrator or Linux root user privileges.. so 3). Yes
3). Why No. If user can login to a VM as an Administrator, then he can reset the built-in Admin password.
on 3, I think the question is asking if the user can reset the admin password from the Azure portal, not login and reset it. They are really asking, if the admin password were lost, forgotten, or locked out, can this user use the portal to reset it. The answer to that question is no. Bad question as it isn't specific enough.
When you log in with admin permission you can change the built-in Administrator account password.
Because User1 has Contributor at Tenant Root Group so the role is inherited in subscription under that root group. So User1 can deploy a new VM. User2 has VM Contributor which can delete a VM2 which is in RG2 which is part of Subscription2. The statement #3 is tricky to be honest. Infact with Virtual Machine Administrator Login User3 can log in to an Azure virtual machine with administrator privileges. And once he is in the VM he can change local admin password using PowerShell or GUI from Computer Management. Correct Answer - Yes Yes Yes
Virtual Machine Administrator Login - Microsoft.Compute/virtualMachines/loginAsAdmin/action - Log in to a virtual machine with Windows administrator or Linux root user privileges. From here - https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-administrator-login So when you log in with administrative privileges, you can change the password of the built-in Administrator account. I'd vote for triple "Yes".
On exam 7/8/23. Answers are correct but the 3. is a really not clear. If reset means change after login, that its YYY.
Yes -Yes - Yes is the right answer
On exam 1/2/24
user3 can rest the local admin password. because the virtual machine administrator login gives him the following - Microsoft.Compute/virtualMachines/loginAsAdmin/action Log in to a virtual machine with Windows administrator or Linux root user privileges https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-administrator-login
YES YES NO
# IN EXAM - 3/6/2022 (online). Lot of new questions. Good luck !
No, liar. Not many new questions.
maybe all the new question were added after alou33 made the reply here?
good one :)
# IN EXAM - 30/6/2022
Question 3 Yes, refer to the matrix of which admin can reset other admin password here: https://learn.microsoft.com/en-us/answers/questions/408862/reset-azure-ad-admin-password
This is for Azure AD itself, not what happens inside of a VM. Do not confuse an Active Directory Admin with a VM built-in admin.
## Ihttps://www.examtopics.com/exams/microsoft/az-500/view/10/#n Exam 03/12/2022
Yes, Yes and No (if user 3 is accessing via portal).
correct answer is: YYN
In Exam 02/12/2022
YYN is the answer. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor Create and manage virtual machines, manage disks, install and run software, reset password of the root user of the virtual machine using VM extensions, and manage local user accounts using VM extensions. This role does not grant you management access to the virtual network or storage account the virtual machines are connected to. This role does not allow you to assign roles in Azure RBAC.
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-administrator-login View Virtual Machines in the portal and login as administrator
Tested in the lab 3 is NO