Easy · 1 mark · Multiple Choice
AZ-305 · Question 13 · Domain 1.3: Design Governance
A development team needs the ability to start and stop Azure Virtual Machines in a specific resource group. They should not be able to create new VMs, delete existing VMs, or modify network settings.
You review the built-in Azure RBAC roles and find that none perfectly match these exact requirements.
What should you do?
Answer options:
A. Create a custom RBAC role with Microsoft.Compute/virtualMachines/start/action and Microsoft.Compute/virtualMachines/powerOff/action permissions.
B. Assign the Virtual Machine Contributor built-in role.
C. Apply a ReadOnly resource lock to the resource group.
D. Assign the DevTest Labs User built-in role.
How to approach this question
When built-in roles grant too much permission, the solution is always a custom RBAC role tailored to the exact actions needed.
Full Answer
A. Create a custom RBAC role with Microsoft.Compute/virtualMachines/start/action and Microsoft.Compute/virtualMachines/powerOff/action permissions. ✓ Correct
When built-in Azure RBAC roles do not meet your specific requirements, you should create a custom RBAC role. By specifying only the exact actions needed (start and powerOff/deallocate), you adhere to the principle of least privilege. Assigning 'Virtual Machine Contributor' would give them too much power (create/delete).
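The least-privilege reasoning above can be checked mechanically. This added example (not part of the original question) evaluates a role's Actions and NotActions against the operations the team needs and the ones it must not have. The role names, the placeholder scope, the wildcard role and the specific forbidden operations listed are constructed assumptions.

```python
from fnmatch import fnmatchcase

# Constructed role definition mirroring option A. The role name and the
# placeholder scope are assumptions, not values from the page.
CUSTOM_ROLE = {
    "Name": "VM Start-Stop Operator (example)",
    "IsCustom": True,
    "Actions": [
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.Compute/virtualMachines/powerOff/action",
    ],
    "NotActions": [],
    "AssignableScopes": ["/subscriptions/<subscription-id>/resourceGroups/<rg-name>"],
}

# Constructed stand-in for an over-broad grant that uses a wildcard.
BROAD_ROLE = {
    "Name": "Wildcard VM role (example)",
    "Actions": ["Microsoft.Compute/virtualMachines/*"],
    "NotActions": [],
}

REQUIRED = [
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/powerOff/action",
]
FORBIDDEN = [
    "Microsoft.Compute/virtualMachines/write",        # create or modify a VM
    "Microsoft.Compute/virtualMachines/delete",       # delete a VM
    "Microsoft.Network/virtualNetworks/write",        # change network settings
    "Microsoft.Network/networkSecurityGroups/write",
]

def is_allowed(role, operation):
    """Allowed when the operation matches Actions and is not carved out by NotActions."""
    op = operation.lower()  # compare operation names case-insensitively
    def matches(patterns):
        return any(fnmatchcase(op, p.lower()) for p in patterns)
    return matches(role["Actions"]) and not matches(role.get("NotActions", []))

def missing_permissions(role):
    """Required operations the role does not grant."""
    return [op for op in REQUIRED if not is_allowed(role, op)]

def excess_permissions(role):
    """Forbidden operations the role would still grant."""
    return [op for op in FORBIDDEN if is_allowed(role, op)]

if __name__ == "__main__":
    for role in (CUSTOM_ROLE, BROAD_ROLE):
        print(role["Name"], "missing:", missing_permissions(role),
              "excess:", excess_permissions(role))
```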
Common mistakes
Thinking that a ReadOnly lock allows starting/stopping VMs. Starting a VM changes its state and requires write/action permissions.