Examice

Exam AZ-104 All QuestionsBrowse all questions from this exam

Question 111

You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.

Subscription1 has a user named User1. User1 has the following roles:

• Reader

• Security Admin

• Security Reader

You need to ensure that User1 can assign the Reader role for VNet1 to other users.

What should you do?

Assign User1 the Network Contributor role for VNet1.

Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1.

Assign User1 the Owner role for VNet1.

Assign User1 the Network Contributor role for RG1.

Correct Answer: C

To ensure that User1 can assign the Reader role for VNet1 to other users, the appropriate action is to assign User1 the Owner role for VNet1. The Owner role has the necessary permissions to manage all aspects of the resource, including assigning roles to other users. Other roles mentioned, such as Network Contributor, do not have the permission to assign roles to others. Removing User1 from the Security Reader role and assigning the Contributor role for RG1 does not provide the specific necessary permissions for assigning roles within VNet1.

Discussion

myaraliOption: C

There is only two choices for that puspose; - Assign User1 the Owner role for VNet1. - Assign User1 the User Access Administrator role for VNet1.

Nick111111

I did see this on the exam

zellck

Same as Question 53. https://www.examtopics.com/discussions/microsoft/view/74021-exam-az-104-topic-2-question-53-discussion

Ni33Option: C

C is correct. It is the only role in the give options have capability to assign permissions.

3c5adceOption: A

To ensure that User1 can assign the Reader role for VNet1 to other users, you should: A. Assign User1 the Network Contributor role for VNet1. The Network Contributor role grants permissions to manage network resources, including virtual networks (VNet1), but restricts access to only those resources. By assigning User1 the Network Contributor role for VNet1, you provide them with the necessary permissions to manage role assignments specifically for VNet1, including assigning the Reader role to other users. This approach adheres to the principle of least privilege by granting only the necessary permissions for managing network resources without providing broader access to other resources in the subscription or resource group. Option C is incorrect because assigning the Owner role for VNet1 provides excessive permissions, allowing User1 to manage all aspects of the virtual network, which exceeds the requirement to assign the Reader role to other users.

OtunbaDan

Real life reason why you should not use AI generated answers as against researching real real. this answer is from either chatgpt or germini.

tashakoriOption: C

C is right

NottebOption: C

C. seems correct

zellckOption: C

C is the answer. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

vali6969Option: C

C is correct only Owner can assign roles (even reader role).

Mo22Option: C

Correct

GeorgegoOption: C

Answer is correct.