Microsoft Azure Fundamentals AZ-900 Practice Question
A company is deploying a new set of Azure resources and wants to ensure that its network engineers have the necessary permissions to only manage virtual networks, network security groups, and public IP addresses within a specific subscription. Which of the following should be assigned to the network engineers to meet this requirement?
Assigning a built-in role is the best option because it provides a predefined set of permissions targeting specific Azure resources, which in this case are network-related resources. The 'Network Contributor' role grants the ability to manage networking resources without granting access to other resources outside of this scope, aligning with the principle of least privilege. The other options are incorrect because they either provide permissions that are too broad, like the 'Contributor' role, which allows managing all resources, or are too restrictive, like the 'Reader' role, which only allows viewing resources without the ability to manage them. The 'Owner' role provides full access including the ability to delegate access, which is more than what is required for the network engineers.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the principle of least privilege?
Open an interactive chat with Bash
What is the difference between the 'Contributor' role and the 'Network Contributor' role in Azure?
Open an interactive chat with Bash
What are network security groups and why are they important?
Open an interactive chat with Bash
Microsoft Azure Fundamentals AZ-900
Azure Architecture and Services
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access