Microsoft Azure Security Technologies (AZ-500)

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the Microsoft Azure Security Technologies (AZ-500) exam. Prepare with well-structured questions and detailed explanations. Enhance your understanding and improve your readiness for the certification exam!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

What role should be assigned to allow a user to download images from an Azure Container Registry with minimal privileges?

  1. Reader

  2. Contributor

  3. AcrPull

  4. AcrDelete

The correct answer is: AcrPull

Assigning the AcrPull role is the most suitable choice for allowing a user to download images from an Azure Container Registry while adhering to the principle of least privilege. The AcrPull role is specifically designed to grant permissions for pulling container images from an Azure Container Registry without providing any additional write or management capabilities. This ensures that users can only access and download the images, which aligns well with the goal of maintaining a secure environment by limiting the privileges assigned. The other roles mentioned serve different functions. The Reader role permits a user to view existing resources but does not allow pulling images from the registry. The Contributor role provides broader permissions, including the ability to create and manage resources, which expands access beyond what is necessary for simply downloading images. Meanwhile, the AcrDelete role would grant permissions to delete images from the registry, which is much more than what is needed for the task of downloading images and could pose a security risk. Thus, AcrPull is the most appropriate and secure choice.

More Questions Like This