ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 2 question 75 discussion

Actual exam question from Microsoft's AZ-104
Question #: 75
Topic #: 2
[All AZ-104 Questions]

HOTSPOT
-

You have an Azure subscription that contains a user named User1 and the resources shown in the following table.



NSG1 is associated to networkinterface1.

User1 has role assignments for NSG1 as shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by skydivex at Feb. 8, 2023, 2:17 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
skydivex
Highly Voted 2 years ago
Correct Answers. YES, No, Yes (YES)User1 can create a storage account in RG1, since User1 has Storage Account Contribute Role inherited from Resource Group. (NO) User1 can modify the DNS settings of networkinterface1, since it requires Network Contribute role referring to the following link. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface?tabs=network-interface-portal#permissions (YES) User1 can create an inbound security rule to filter inbound traffic to networkinterface1, since User1 has Contributor role for NSG1
upvoted 101 times
3c5adce
9 months, 3 weeks ago
Confirmed by ChatGPT4
upvoted 3 times
...
Chris76
1 year, 10 months ago
Wrong. Answer is N-N-Y. You cannot create new storage accounts with a "Storage Account Contributor" role, only manage existing. Don't confuse people.
upvoted 28 times
vrm1358
4 weeks, 1 day ago
please not that NSG has "Storage Account Contributor" role not RG1. So you can not create Storage account in RG1
upvoted 1 times
...
deroid
1 year, 5 months ago
No, You can create Storage Accounts from Storage Account Contributor Role /* Microsoft.Storage/storageAccounts/* Create and manage storage accounts */ https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-account-contributor
upvoted 11 times
...
sardonique
1 year, 5 months ago
Storage Account Contributor: Actions Description Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable. Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. Microsoft.Storage/storageAccounts/* Create and manage storage accounts Microsoft.Support/* Create and update a support ticket
upvoted 4 times
umavaja
1 year ago
Storage Account Contributor Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization. Learn more Actions Description Microsoft.Authorization/*/read Read roles and role assignments Microsoft.Insights/alertRules/* Create and manage a classic metric alert Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable. Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope Microsoft.Resources/deployments/* Create and manage a deployment Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups. Microsoft.Storage/storageAccounts/* Create and manage storage accounts Microsoft.Support/* Create and update a support ticket
upvoted 3 times
umavaja
1 year ago
Yes with Role Storage Account Contributor with following action, it can create and manage storage account Microsoft.Storage/storageAccounts/* Create and manage storage accounts https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-account-contributor
upvoted 1 times
...
...
...
Load full discussion...
...
...
zellck
Highly Voted 2 years ago
YNY is the answer. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage-account-contributor - Microsoft.Storage/storageAccounts/* Create and manage storage accounts https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#reader View all resources, but does not allow you to make any changes. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
upvoted 23 times
...
Abhisk127
Most Recent 1 month, 2 weeks ago
No, a user with the Storage Account Contributor role in Azure cannot create new storage accounts. However, they can manage classic storage accounts. Explanation The Avere Contributor role in Azure allows users to create and manage storage accounts. The Storage Account Contributor role in Azure only allows users to manage classic storage accounts. The Contributor role in Azure allows users to create and manage resources, but not set access controls or manage billing. Users can assign Azure roles at the level of the subscription, resource group, storage account, or container.
upvoted 1 times
...
Riz504
2 months, 2 weeks ago
Correct Answers. YES, No, Yes (YES)User1 can create a storage account in RG1, since User1 has Storage Account Contribute Role inherited from Resource Group. (NO) User1 can NOT modify the DNS settings of networkinterface1, since it requires Network Contribute role referring to the following link. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface?tabs=network-interface-portal#permissions (YES) User1 can create an inbound security rule to filter inbound traffic to networkinterface1, since User1 has Contributor role for NSG1
upvoted 1 times
...
Stunomatic
4 months, 2 weeks ago
Even if NSG1 is associated with networkInterface1, the user will not be able to modify networkInterface1’s DNS settings unless they have the appropriate role assigned directly on the network interface or a higher scope like the resource group (RG1) or subscription. Even though NSG1 is associated with networkInterface1, the Network Contributor role on NSG1 does not give the user permission to manage or modify networkInterface1.
upvoted 2 times
...
[Removed]
5 months, 1 week ago
CORRECT
upvoted 2 times
...
[Removed]
6 months ago
CORRECT
upvoted 2 times
...
tcoelho28
6 months, 4 weeks ago
Correct Answers. No, No, Yes NO - Storage Account Contribute Role only permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 1 times
...
SrWalk49
7 months ago
Role can create. Asked ChatGPT why is this an exception to the traditional setup: The "Storage Account Contributor" role in Azure is designed to provide extensive management capabilities specific to storage accounts, including creating and deleting storage accounts. This differs from more general "Contributor" roles, which typically do not allow resource creation or deletion at the subscription level to prevent significant changes that could impact overall resource management.
upvoted 1 times
...
MSExpertGER
8 months, 3 weeks ago
The Storage Account Contributor Role does not allow to create Storage Accounts. You may set certain things on the SAC, but not create them within the given scope. https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage#storage-account-contributor 1) NO - because Storage Account Contributor as of 2024 doesn't allow Creation of Storage Accounts. 2) YES - Owner of the NIC 3) NO - there is no information given about any other rights to any other scope related to the NSG. So the user has only Reader rights on the NIC, inherited from Subscription.
upvoted 4 times
...
asaulu
9 months, 3 weeks ago
2. Yes. The "Contributor" role at the resource group level inherited by the network security group (NSG1) associated with networkinterface1 would generally allow a user to modify the resources within that group. Since DNS settings are a part of network interface configuration, and the network interface is associated with NSG1, User1 should be able to modify these settings.
upvoted 2 times
...
Wassel_Laouini
10 months ago
I think it's Yes, No, No: because you need Network contributor to be able to make changes to the NSG and NIC
upvoted 3 times
...
Pt4r
10 months, 2 weeks ago
User1 can create a storage account in RG1. 1. Yes. User1 has the "Contributor" role on the subscription level inherited by the resource group RG1. This role allows creating new resources within the subscription and thus within any resource group in the subscription, including RG1. User1 can modify the DNS settings of networkinterface1. 2. Yes. The "Contributor" role at the resource group level inherited by the network security group (NSG1) associated with networkinterface1 would generally allow a user to modify the resources within that group. Since DNS settings are a part of network interface configuration, and the network interface is associated with NSG1, User1 should be able to modify these settings. 3. User1 can create an inbound security rule to filter inbound traffic to networkinterface1. Yes. User1 has the "Contributor" role on NSG1 which gives them the ability to manage network security rules, including creating new inbound security rules.
upvoted 3 times
...
Amir1909
11 months, 2 weeks ago
Given answer is right
upvoted 1 times
...
bacana
1 year ago
User1 has role assignments for NSG1 not for RG. He can't create storage account.
upvoted 1 times
18c2076
11 months, 3 weeks ago
His Storage Account Contributor role is inherited down from the RG. Read again. Try again. You failed.
upvoted 2 times
BluAlien
11 months ago
.. and where is specified that NSG1 is in RG1 ? Nowhere, noway NNY
upvoted 1 times
...
...
...
Amir1909
1 year ago
Yes No Yes
upvoted 1 times
...
Atom270
1 year, 1 month ago
Yes no yes
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago