Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 2 question 75 discussion

Actual exam question from Microsoft's AZ-104
Question #: 75
Topic #: 2
[All AZ-104 Questions]

HOTSPOT
-

You have an Azure subscription that contains a user named User1 and the resources shown in the following table.



NSG1 is associated to networkinterface1.

User1 has role assignments for NSG1 as shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by skydivex at Feb. 8, 2023, 2:17 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
skydivex
Highly Voted 1 year, 8 months ago
Correct Answers. YES, No, Yes (YES)User1 can create a storage account in RG1, since User1 has Storage Account Contribute Role inherited from Resource Group. (NO) User1 can modify the DNS settings of networkinterface1, since it requires Network Contribute role referring to the following link. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface?tabs=network-interface-portal#permissions (YES) User1 can create an inbound security rule to filter inbound traffic to networkinterface1, since User1 has Contributor role for NSG1
upvoted 86 times
3c5adce
4 months, 3 weeks ago
Confirmed by ChatGPT4
upvoted 3 times
...
Chris76
1 year, 5 months ago
Wrong. Answer is N-N-Y. You cannot create new storage accounts with a "Storage Account Contributor" role, only manage existing. Don't confuse people.
upvoted 23 times
deroid
1 year ago
No, You can create Storage Accounts from Storage Account Contributor Role /* Microsoft.Storage/storageAccounts/* Create and manage storage accounts */ https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-account-contributor
upvoted 10 times
...
sardonique
1 year ago
Storage Account Contributor: Actions Description Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable. Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. Microsoft.Storage/storageAccounts/* Create and manage storage accounts Microsoft.Support/* Create and update a support ticket
upvoted 4 times
umavaja
8 months ago
Storage Account Contributor Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization. Learn more Actions Description Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable. Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. Microsoft.Storage/storageAccounts/* Create and manage storage accounts Microsoft.Support/* Create and update a support ticket
upvoted 1 times
umavaja
8 months ago
Yes with Role Storage Account Contributor with following action, it can create and manage storage account Microsoft.Storage/storageAccounts/* Create and manage storage accounts https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-account-contributor
upvoted 1 times
...
...
...
Chris76
1 year, 5 months ago
Ok I have tested this as its controversial as fk. You can indeed create new storage accounts with the SA Contribute role. Confusion came after the identical experiment with the Logic App Contributor role. As for that one you cannot create logic apps due to lack of a write permission. Despite the docs saying Microsoft.Logic/*
upvoted 14 times
Toast1536
1 year, 1 month ago
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#classic-storage-account-contributor Classic Storage Account Contributor Lets you manage classic storage accounts, but not access to them. Actions Description Microsoft.Authorization/*/read Read roles and role assignments Microsoft.ClassicStorage/storageAccounts/* Create and manage storage accounts Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. Microsoft.Support/* Create and update a support ticket
upvoted 1 times
RickySmith
1 year, 1 month ago
But the assignment is for Storage Account Contributor, not Classic Storage Account Contributor.
upvoted 2 times
RickySmith
1 year, 1 month ago
Correction. Both can create storage accounts.
upvoted 1 times
...
...
...
...
...
...
zellck
Highly Voted 1 year, 7 months ago
YNY is the answer. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-account-contributor - Microsoft.Storage/storageAccounts/* Create and manage storage accounts https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader View all resources, but does not allow you to make any changes. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
upvoted 22 times
...
SeMo0o0o0o
Most Recent 1 week, 2 days ago
CORRECT
upvoted 1 times
...
SeMo0o0o0o
1 month ago
CORRECT
upvoted 1 times
...
tcoelho28
1 month, 4 weeks ago
Correct Answers. No, No, Yes NO - Storage Account Contribute Role only permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 1 times
...
SrWalk49
2 months ago
Role can create. Asked ChatGPT why is this an exception to the traditional setup: The "Storage Account Contributor" role in Azure is designed to provide extensive management capabilities specific to storage accounts, including creating and deleting storage accounts. This differs from more general "Contributor" roles, which typically do not allow resource creation or deletion at the subscription level to prevent significant changes that could impact overall resource management.
upvoted 1 times
...
MSExpertGER
3 months, 3 weeks ago
The Storage Account Contributor Role does not allow to create Storage Accounts. You may set certain things on the SAC, but not create them within the given scope. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage#storage-account-contributor 1) NO - because Storage Account Contributor as of 2024 doesn't allow Creation of Storage Accounts. 2) YES - Owner of the NIC 3) NO - there is no information given about any other rights to any other scope related to the NSG. So the user has only Reader rights on the NIC, inherited from Subscription.
upvoted 4 times
...
asaulu
4 months, 3 weeks ago
2. Yes. The "Contributor" role at the resource group level inherited by the network security group (NSG1) associated with networkinterface1 would generally allow a user to modify the resources within that group. Since DNS settings are a part of network interface configuration, and the network interface is associated with NSG1, User1 should be able to modify these settings.
upvoted 1 times
...
Wassel_Laouini
5 months ago
I think it's Yes, No, No: because you need Network contributor to be able to make changes to the NSG and NIC
upvoted 2 times
...
Pt4r
5 months, 2 weeks ago
User1 can create a storage account in RG1. 1. Yes. User1 has the "Contributor" role on the subscription level inherited by the resource group RG1. This role allows creating new resources within the subscription and thus within any resource group in the subscription, including RG1. User1 can modify the DNS settings of networkinterface1. 2. Yes. The "Contributor" role at the resource group level inherited by the network security group (NSG1) associated with networkinterface1 would generally allow a user to modify the resources within that group. Since DNS settings are a part of network interface configuration, and the network interface is associated with NSG1, User1 should be able to modify these settings. 3. User1 can create an inbound security rule to filter inbound traffic to networkinterface1. Yes. User1 has the "Contributor" role on NSG1 which gives them the ability to manage network security rules, including creating new inbound security rules.
upvoted 2 times
...
Amir1909
6 months, 2 weeks ago
Given answer is right
upvoted 1 times
...
bacana
7 months, 1 week ago
User1 has role assignments for NSG1 not for RG. He can't create storage account.
upvoted 1 times
18c2076
6 months, 3 weeks ago
His Storage Account Contributor role is inherited down from the RG. Read again. Try again. You failed.
upvoted 2 times
BluAlien
6 months ago
.. and where is specified that NSG1 is in RG1 ? Nowhere, noway NNY
upvoted 1 times
...
...
...
Amir1909
7 months, 3 weeks ago
Yes No Yes
upvoted 1 times
...
Atom270
8 months, 1 week ago
Yes no yes
upvoted 2 times
...
devops_devops
8 months, 3 weeks ago
This question was in exam 15/01/24
upvoted 2 times
...
SkyZeroZx
9 months ago
Correct Answers. YES, No, Yes (YES)User1 can create a storage account in RG1, since User1 has Storage Account Contribute Role inherited from Resource Group. (NO) User1 can modify the DNS settings of networkinterface1, since it requires Network Contribute role referring to the following link. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface?tabs=network-interface-portal#permissions (YES) User1 can create an inbound security rule to filter inbound traffic to networkinterface1, since User1 has Contributor role for NSG1
upvoted 3 times
...
ccra
9 months, 2 weeks ago
Yes, a user with the Storage Account Contributor role in Azure can create a new storage account. To create a storage account
upvoted 1 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel