
AZ-500 · Question #133

AZ-500 Question #133: Real Exam Question with Answer & Explanation

The correct answer assigns the 'Virtual Machine Contributor' role to user21059868 at the RG1lod10598168 resource group scope via Access Control (IAM), which grants exactly the permissions needed to manage virtual machine properties without granting broader administrative rights.

Submitted by sofia.br · Mar 6, 2026

Manage Azure identities and governance - specifically, managing access to Azure resources using Role-Based Access Control (RBAC), including assigning built-in roles at the appropriate scope to satisfy least-privilege requirements (AZ-104 Domain: Manage Azure Active Directory and RBAC)

Question

SIMULATION

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Azure Username: [email protected]
Azure Password: Ag1Bh9!#Bd

The following information is for technical support purposes only:
Lab Instance: 10598168

You need to ensure that a user named user21059868 can manage the properties of the virtual machines in the RG1lod10598168 resource group. The solution must use the principle of least privilege.

To complete this task, sign in to the Azure portal.

Answer:

  1. In Azure portal, locate and select the RG1lod10598168 resource group.
  2. Click Access control (IAM).
  3. Click the Role assignments tab to view all the role assignments at this scope.
  4. Click Add > Add role assignment to open the Add role assignment pane.
  5. In the Role drop-down list, select the role Virtual Machine Contributor. Virtual Machine Contributor lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
  6. In the Select list, select user user21059868
  7. Click Save to assign the role.

Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor

Options

  • task: Add a Delete lock to the contososerverexample resource.
  • prerequisites: Azure Username: [email protected], Azure Password: Ag1Bh9!#Bd

Explanation

The correct answer assigns the 'Virtual Machine Contributor' role to user21059868 at the RG1lod10598168 resource group scope via Access Control (IAM), which grants exactly the permissions needed to manage virtual machine properties without granting broader administrative rights. This satisfies the principle of least privilege because the Virtual Machine Contributor role allows management of VMs but does not grant access to the virtual network, storage accounts, or the resource group itself. Using role-based access control (RBAC) at the resource group level ensures the user can manage all VMs within that group without over-provisioning permissions.
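The scope and least-privilege reasoning above can be checked with a small model of how an RBAC assignment is evaluated. This is an added example, not part of the original page: the action list is an abridged, constructed subset of the Virtual Machine Contributor role, the subscription ID is a placeholder, and the helper names are hypothetical.

```python
from fnmatch import fnmatchcase

# Abridged, constructed subset of the role's actions (assumption; the built-in
# roles reference linked in the answer has the full definition).
VM_CONTRIBUTOR = {
    "actions": [
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Authorization/*/read",
    ],
    "notActions": [],
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
RG_SCOPE = f"{SUB}/resourceGroups/RG1lod10598168"

# The single assignment made in the portal steps: role + principal + scope.
ASSIGNMENTS = [
    {"principal": "user21059868", "role": VM_CONTRIBUTOR, "scope": RG_SCOPE},
]

def in_scope(assignment_scope, resource_id):
    """An assignment applies to its scope and everything nested beneath it."""
    a = assignment_scope.rstrip("/").lower()
    r = resource_id.rstrip("/").lower()
    # Require a path boundary so "RG1" never matches "RG1-other".
    return r == a or r.startswith(a + "/")

def role_allows(role, action):
    """Allowed if an actions pattern matches and no notActions pattern does."""
    def matches(patterns):
        return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)
    return matches(role["actions"]) and not matches(role["notActions"])

def is_allowed(principal, action, resource_id, assignments=ASSIGNMENTS):
    return any(
        a["principal"] == principal
        and in_scope(a["scope"], resource_id)
        and role_allows(a["role"], action)
        for a in assignments
    )

if __name__ == "__main__":
    vm = f"{RG_SCOPE}/providers/Microsoft.Compute/virtualMachines/vm1"
    print(is_allowed("user21059868", "Microsoft.Compute/virtualMachines/write", vm))
    print(is_allowed("user21059868", "Microsoft.Authorization/roleAssignments/write", RG_SCOPE))
```
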

Topics

#Azure RBAC #Role Assignments #Principle of Least Privilege #Identity and Access Management
