Microsoft Certified: Azure Security Engineer Associate Exam Simulator

Microsoft Certified: Azure Security Engineer Associate

Time Left

120:00

Progress

Question: 1/50

You manage an Azure subscription that contains several resource groups. Developers must be able to start and stop virtual machines (VMs) but must not be able to delete VMs or change networking. What is the BEST way to meet the requirement with least privilege?

Assign the Virtual Machine Contributor role at the subscription scope

Assign the Contributor role at the resource group scope

Assign the Virtual Machine Operator role at the resource group scope

Create a custom role that allows only Microsoft.Compute/virtualMachines/start/action and stop/action, and assign it at the resource group scope