Which role provides the least privilege for reading Azure resources?

  1. Owner
  2. Contributor
  3. Reader ✓
  4. Virtual Machine Contributor

Correct answer: Reader

Option C is correct because the Reader role grants read-only access to view Azure resources without the ability to create, modify, or delete anything, making it the least-privilege option for users who only need visibility. Option A is incorrect because Owner has full access including the ability to manage role assignments, far exceeding read-only needs. Option B is incorrect because Contributor can create, update, and delete resources, which grants significantly more privilege than reading alone. Option D is incorrect because Virtual Machine Contributor allows managing virtual machines (including starting, stopping, and modifying them), which is broader than simple read access across all resource types.

Topic: · azure rbac, least privilege, reader role, identity and access management

Practice Microsoft Azure Security Engineer (AZ-500) Questions Free