Question:
You are managing an Azure subscription and want to delegate the management of virtual machines to a user, but you don't want to give them access to other resources. Which role should you assign to the user?
Answer:
The Virtual Machine Contributor role allows a user to create and manage virtual machines, but not the virtual network or storage account they're connected to. The Owner and Contributor roles would give the user access to all resources, not just virtual machines. The Reader role would only allow the user to view resources, not manage them.