exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam

Exam AZ-500 topic 3 question 1 discussion

Actual exam question from Microsoft's AZ-500
Question #: 1
Topic #: 3
[All AZ-500 Questions]

You have an Azure subscription that contains a user named User1 and an Azure Container Registry named ContReg1.
You enable content trust for ContReg1.
You need to ensure that User1 can create trusted images in ContReg1. The solution must use the principle of least privilege.
Which two roles should you assign to User1? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. AcrQuarantineReader
  • B. Contributor
  • C. AcrPush
  • D. AcrImageSigner
  • E. AcrQuarantineWriter
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
P0d
Highly Voted 4 years, 3 months ago
Contributor and AcrPush
upvoted 29 times
rgullini
3 years, 4 months ago
Wrong. Correct answer is AcrPush AcrImageSigner
upvoted 45 times
...
temidayo
4 years, 3 months ago
No, you are wrong, Correct answer is AcrPush AcrImageSigner https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust
upvoted 88 times
bluetaurianbull
3 years, 7 months ago
Super Confusing and Tricky:- https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles As per the above link, AcrImageSigner role - only has permission to Sign Images but the text below seems to suggest that usually this permission of "Sign Images" - The ability to sign images, usually assigned to an automated process, which would use a service principal. This permission is typically combined with push image to allow pushing a trusted image to a registry. For details, see Content trust in Azure Container Registry. But then the confusion is, "Sign Images" seems usually assigned to an automated process, the question talks about assigning 2 roles (Principle of least privilege) to a USER not an automated process. So if it has to be roles assigned to a USER, shouldnt it be AcrPush and Contributor. Ofcource Owner can also push an Image, but it will not follow the Principle of least privilege.
upvoted 3 times
eroms
3 years, 3 months ago
its fairly straightforward. No need for any long explanation. Answer is CD. Keyword Least privilege..
upvoted 2 times
...
...
gboyega
4 years, 2 months ago
Correct it should be ArcPush and AcrImageSigner Because the question states that we should follow the principle of least priviledge
upvoted 14 times
bluetaurianbull
3 years, 7 months ago
Super Confusing and Tricky:- https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles As per the above link, AcrImageSigner role - only has permission to Sign Images but the text below seems to suggest that usually this permission of "Sign Images" - The ability to sign images, usually assigned to an automated process, which would use a service principal. This permission is typically combined with push image to allow pushing a trusted image to a registry. For details, see Content trust in Azure Container Registry. But then the confusion is, "Sign Images" seems usually assigned to an automated process, the question talks about assigning 2 roles (Principle of least privilege) to a USER not an automated process. So if it has to be roles assigned to a USER, shouldnt it be AcrPush and Contributor. Ofcource Owner can also push an Image, but it will not follow the Principle of least privilege.
upvoted 1 times
...
...
Patchfox
2 years, 8 months ago
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli#:~:text=This%20permission%20is%20typically%20combined%20with%20push%20image%20to%20allow%20pushing%20a%20trusted%20image%20to%20a%20registry.%20For%20details%2C%20see%20Content%20trust%20in%20Azure%20Container%20Registry.
upvoted 2 times
...
...
...
gfhbox0083
Highly Voted 4 years, 2 months ago
C, D, for sure.
upvoted 16 times
...
hellboysecret
Most Recent 3 days, 19 hours ago
Selected Answer: CD
Role/Permission Access Resource Manager Create/delete registry Push image Pull image Delete image data Change policies Sign images Owner X X X X X X Contributor X X X X X X Reader X X AcrPush X X AcrPull X AcrDelete X AcrImageSigner X
upvoted 1 times
...
sgomezsan
4 weeks ago
Selected Answer: CD
Create trusted images: AcrPush and AcrImageSigner
upvoted 1 times
...
yonie
8 months, 3 weeks ago
Selected Answer: CD
AcrPush AcrImageSigner https://learn.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli
upvoted 1 times
...
JunetGoyal
10 months, 3 weeks ago
Given ans is correct. CD. The combination of CD will fulfill required task Those who are thinking "Contributor and AcrPush" we can give this too,but its not least priviledge.(Note: if you give contributor then you don't even need AcrPush). So as per Question combination of CD enogh
upvoted 1 times
...
TheProfessor
11 months, 4 weeks ago
Selected Answer: CD
C. AcrPush D. AcrImageSigner
upvoted 3 times
...
ErikPJordan
12 months ago
Selected Answer: CD
Contributor is too much, AcrQuarantineReader/Writer sounds made up :D
upvoted 1 times
...
ESAJRR
1 year ago
Selected Answer: CD
C. AcrPush D. AcrImageSigner
upvoted 1 times
...
heatfan900
1 year ago
The ability to SIGN images, usually assigned to an automated process, which would use a service principal. This permission is typically combined with PUSH image to allow pushing a trusted image to a registry.
upvoted 1 times
...
majstor86
1 year, 6 months ago
Selected Answer: CD
C. AcrPush D. AcrImageSigner
upvoted 2 times
...
ligu
1 year, 6 months ago
Correct answer are AcrPush and AcrImageSigner (since July 2021)
upvoted 1 times
...
edurakhan
1 year, 10 months ago
Selected Answer: CD
C, D https://learn.microsoft.com/en-us/azure/container-registry/container-registry-content-trust
upvoted 3 times
...
F117A_Stealth
1 year, 10 months ago
Selected Answer: CD
Correct answer is AcrPush AcrImageSigner
upvoted 1 times
...
koreshio
1 year, 11 months ago
Selected Answer: CD
as explained correctly by others as well.
upvoted 2 times
...
BlackZeros
2 years ago
Selected Answer: CD
correct answer
upvoted 2 times
...
nitz14
2 years, 1 month ago
Selected Answer: CD
C & D, reference : https://docs.microsoft.com/en-us/azure/container-registry/container-registry-content-trust
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago