HOTSPOT
You have an Azure subscription named Subscription1 that contains a resource group named RG1.
In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2.
You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution must follow the principle of least privilege.
Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Network Contributor on RG1
To add to the backend pool, write permission is required on the resource group because it writes deployment information. To add a backend pool, you need the Network Contributor role on the LB and on the VMs that will be part of the backend pool.
For this reason, the Network Contributor role must be assigned to the RG where the LB and the VMs reside. So the correct answer is Network Contributor on RG1.
Box 2: Network Contributor on RG1
For the health probe also, without access to RG1, no health probe can be added. If the Network Contributor role is assigned only to the LB, the user would not be able to access the IP addresses of the member pools.
Owner or Contributor would give the user access to everything, so they do not fit the principle of least privilege. Hence the Owner and Contributor roles are incorrect choices for this question.