Assign Azure AD User the Required Role for Traffic Analytics in Azure Subscription | Microsoft Exam AZ-104

Assigning Reader Role at Subscription Level to Azure AD User Admin1

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.

Solution: You assign the Reader role at the subscription level to Admin1.

Does this meet the goal?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B.

A

Your account must meet one of the following to enable traffic analytics:

Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.

https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq

The solution provided is incorrect. Assigning the Reader role to Admin1 at the subscription level does not grant the necessary permissions to enable Traffic Analytics for the subscription.

To enable Traffic Analytics for an Azure subscription, Admin1 must be assigned the Network Contributor role or higher at the subscription level. This role grants the necessary permissions to create and manage Traffic Analytics resources.

The Network Contributor role allows Admin1 to manage network-related resources, including Traffic Analytics. In addition, it allows the user to create, modify, and delete network-related resources such as virtual networks, network security groups, and network interfaces.

The Reader role, on the other hand, only allows the user to view existing resources but does not grant permission to create, modify, or delete them. Therefore, assigning the Reader role to Admin1 does not meet the goal of enabling Traffic Analytics for the Azure subscription.

In summary, the correct solution is to assign the Network Contributor role or higher to Admin1 at the subscription level to enable Traffic Analytics for the Azure subscription.