Exam AZ-500 topic 3 question 7 discussion

Correct Answer: 1. In Azure portal, locate and select the RG1lod1234578 resource group. 2. Click Access control (IAM). 3. Click the Role assignments tab to view all the role assignments at this scope. 4. Click Add > Add role assignment to open the Add role assignment pane. 5. In the Role drop-down list, select the role Network Contributor. Network Contributor Lets you manage networks, but not access to them. 6. In the Select list, select user User2-1234578 7. Click Save to assign the role.

Vote for network contributor

In another question it was deemed that Network Contributor had too high access to be considered least-privileged. The choice is then a Custom role

Thank you for all the comments. This one confused me since it was asking to allow the management of Virtual Machines

Answer isnt 100% correct. Steps are right, but the role required is Network Contributor: Network Contributor: Lets you manage networks, but not access to them.

network contributor is the correct role to be able to manage virtual network tho.. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?toc=%2Fazure%2Fvirtual-network%2Ftoc.json#network-contributor

Only network Contributor is needed to comply with least privilege. Network Contributor: Lets you manage networks, but not access to them.

Network contributor (to manage virtual network) , Virtual machine contributor "This role does not grant you management access to the virtual network or storage account" REF- https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor

Doesn't make sense to be bebothered with VM right, only network is needed

Procedure is correct, but the role would be Virtual Machine Contributor: Lets you manage classic networks, but not access to them.