AZ-104 Question #505: Real Exam Question with Answer & Explanation

Submitted by femi9 · Mar 4, 2026

Manage Azure identities and governance - specifically implementing and managing role-based access control (RBAC) and understanding built-in role permissions for Azure networking resources (AZ-104: Manage Azure Active Directory and RBAC / Network Contributor vs Owner permissions)

Question

Hotspot Question

You have an Azure subscription named Subscription1 that contains a virtual network VNet1. You add the users in the following table.

Which user can perform each configuration? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

User1 has the Network Contributor role, which grants full permissions to manage networking resources, including adding subnets to VNets, but does NOT include the ability to manage role assignments (which requires Owner or User Access Administrator). User2 has the Reader role, which is read-only and cannot modify resources or assign roles.

User3 has the Owner role, which grants full control, including adding subnets AND assigning roles to others. However, based on the answer key, User3 can add subnets (Yes) but cannot assign roles to VNet1 (No). This suggests that User3's Owner role is scoped at the resource group or subscription level with a condition, or, more likely, that User3 has a role like 'Network Contributor' at the VNet level. The canonical answer aligns with the rule that Owner can assign roles, so if User3 cannot assign roles, the scope or role must be limited.

The key distinction is: Network Contributor (User1) = manage networks but NOT role assignments; Reader (User2) = read only, no modifications; and the role that permits subnet addition but not role assignment points to Network Contributor for User3 as well, or Owner scoped differently.

Topics

#Azure RBAC #Virtual Networks #Role Assignments #Azure Networking
