Crucial Exams

Microsoft Azure Solutions Architect Expert AZ-305 Practice Question

Contoso has a pay-as-you-go Azure subscription named ContosoProd. A third-party operations team must be able to restart any existing virtual machine in ContosoProd for the next three months. The operations team must not be able to create, delete, or view other resources in the subscription, and their access must require manager approval each time it is used. You need to recommend a solution that meets the requirements while following the principle of least privilege. What should you recommend?

  • Create a system-assigned managed identity for the vendor and add it to the Reader role at the subscription scope.

  • Use Azure AD Privileged Identity Management to create an eligible assignment for a custom role that includes only the virtual machine restart action, scoped to the subscription, configured to expire in three months, and require approval for activation.

  • Apply a ReadOnly resource lock on all storage accounts in the subscription to prevent the vendor from accessing data.

  • Assign the built-in Virtual Machine Contributor role to the vendor's Azure AD group at the subscription scope.

Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot