You need to assign permissions to a resource group. Which role provides the least privilege necessary for managing virtual machines?
- Virtual Machine Contributor ✓
- Contributor
- Reader
- Owner
Correct answer: Virtual Machine Contributor
Option A (Virtual Machine Contributor) is correct because it grants permissions to create and manage virtual machines without allowing changes to the virtual network or storage accounts they are connected to, embodying least privilege for VM management tasks. Option B (Contributor) grants broad write access across all resource types in the scope, far exceeding what is needed for VM management alone. Option C (Reader) provides only read-only access and does not allow managing or modifying virtual machines. Option D (Owner) grants full control including the ability to assign roles to others, which is excessive and violates least privilege principles.
Topic: az-104, rbac, least privilege, virtual machine contributor