Least Privilege — Microsoft Azure Administrator (AZ-104) Practice Questions
The principle of least privilege states that users and identities should receive only the permissions necessary to perform their specific tasks, reducing the attack surface if an account is compromised. In the AZ-104 context, this means selecting the most narrowly scoped RBAC role at the lowest scope level rather than assigning broad roles like Owner or Contributor at the subscription level. Administrators are expected to understand how to evaluate built-in roles and design permission structures that enforce least privilege while still allowing operational workflows.
Free questions on least privilege
You need to assign permissions to a resource group. Which role provides the least privilege necessary for managing virtual machines?
Free question · medium · full answer + explanation
You need to grant a user access to a specific blob container. What is the most secure approach to provide temporary access?
Free question · medium · full answer + explanation
More least privilege questions in the full bank
- Application needs to access multiple storage accounts with least privilege. How is this configured? Unlock answer & explanation →
- A managed identity on a VM needs blob storage access. How do you grant this? Unlock answer & explanation →
- What does RBAC (Role-Based Access Control) in Azure enable? Unlock answer & explanation →