Microsoft Azure Security Engineer Associate AZ-500 Practice Question
Your company has a resource group named RG1 that contains only virtual machines plus their disks and network interfaces. You need to allow a developer named dev1 to start, stop, create, and delete virtual machines within RG1. dev1 must not grant permissions to others or manage any non-VM resources. Following the principle of least privilege, which Azure built-in role should you assign to dev1 on RG1?
Virtual Machine Contributor grants rights to create, start, stop, restart, and delete virtual machines and the resources required for them, but it does not permit managing role assignments. Because it is scoped to virtual-machine resources only, it satisfies the least-privilege requirement. Contributor would permit dev1 to manage every resource type in RG1, which is broader than necessary. Owner includes full access plus the ability to delegate permissions, violating the restriction on access management. User Access Administrator can manage role assignments but cannot perform VM operations. Therefore, Virtual Machine Contributor is the correct role.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege in Azure?
Open an interactive chat with Bash
How do Azure built-in roles differ and when would you use 'Virtual Machine Contributor' over 'Contributor'?
Open an interactive chat with Bash
What is the difference between 'Owner' and 'Virtual Machine Contributor' roles in Azure?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure identity and access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .