nerdexam
Microsoft

AZ-400 · Question #492

Hotspot Question You have a project in Azure DevOps that includes two users named User1 and User2. You plan to use Azure Monitor to manage logs. You need to ensure that the users can perform the actio

The correct answer is User1:: Monitoring Contributor; User2:: Monitoring Reader. To ensure User1 can 'Create private monitoring dashboards' and 'Search usage data for an Azure Monitor workspace', the Monitoring Contributor role is required. This role grants permissions to create and manage monitoring resources, including dashboards, and access monitoring data

Submitted by mateo_ar· Mar 6, 2026Implement an instrumentation strategy

Question

Hotspot Question You have a project in Azure DevOps that includes two users named User1 and User2. You plan to use Azure Monitor to manage logs. You need to ensure that the users can perform the actions shown in following the table. The solution must follow the principle of least privilege. Which role should you assign to each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer:

Exhibits

AZ-400 question #492 exhibit 1
AZ-400 question #492 exhibit 2

Answer Area

  • User1:Monitoring Contributor
    Log Analytics ReaderMonitoring ContributorMonitoring Metrics PublisherMonitoring Reader
  • User2:Monitoring Reader
    Log Analytics ReaderMonitoring ContributorMonitoring Metrics PublisherMonitoring Reader

Explanation

To ensure User1 can 'Create private monitoring dashboards' and 'Search usage data for an Azure Monitor workspace', the Monitoring Contributor role is required. This role grants permissions to create and manage monitoring resources, including dashboards, and access monitoring data. For User2, who only needs to 'View autoscale settings' and 'View alert activities and settings', the Monitoring Reader role is sufficient. This role provides read-only access to all monitoring data and settings, adhering to the principle of least privilege as User2 does not require permissions to create or modify resources.

Topics

#Azure Monitor RBAC#Least Privilege Principle#Monitoring Roles#Azure DevOps Permissions

Community Discussion

No community discussion yet for this question.

Full AZ-400 Practice