Assigning Azure AD Role to Enable Traffic Analytics | AZ-104 Exam Preparation

Assigning Azure AD Role to Enable Traffic Analytics

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.

Solution: You assign the Owner role at the subscription level to Admin1.

Does this meet the goal?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B.

A

Your account must meet one of the following to enable traffic analytics:

Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.

https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq

The solution of assigning the Owner role at the subscription level to Admin1 will meet the goal of enabling Traffic Analytics for an Azure subscription, but it may not be the most appropriate or secure solution.

The Owner role grants full access to all resources in the subscription, including the ability to create, modify, and delete resources. This level of access may not be necessary or appropriate for Admin1 to enable Traffic Analytics.

A better solution would be to assign the Contributor or Network Contributor role to Admin1 at the resource group or network security group level where the resources for Traffic Analytics are located. The Contributor role provides the ability to create and modify resources but not delete them, while the Network Contributor role provides the ability to manage network resources but not access other resources in the subscription.

Assigning a more specific role to Admin1 will ensure that they only have the necessary permissions to complete the task at hand and will reduce the risk of accidental or intentional damage to other resources in the subscription.

Therefore, while assigning the Owner role at the subscription level to Admin1 would meet the goal of enabling Traffic Analytics for an Azure subscription, it may not be the most appropriate or secure solution.