AZ-500 · Question #123
AZ-500 Question #123: Real Exam Question with Answer & Explanation
User1 is a member of Group1, which has an Active assignment type, meaning the Security Administrator role is already permanently active - no activation is required, so the claim that User1 can 'only activate' the role in five hours is incorrect (No). User2 is a member of Group2 (
Question
Hotspot Question You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit. From PIM, you assign the Security Administrator role to the following groups: - Group1: Active assignment type, permanently assigned - Group2: Eligible assignment type, permanently eligible For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Answer:
Explanation
User1 is a member of Group1, which has an Active assignment type, meaning the Security Administrator role is already permanently active - no activation is required, so the claim that User1 can 'only activate' the role in five hours is incorrect (No). User2 is a member of Group2 (Eligible assignment), and based on the PIM settings shown, the role requires approval before activation, meaning it is NOT assigned immediately upon activation request (No). User3 is a guest user but PIM does not inherently block guest users from activating eligible roles - since User3 is a member of Group2 (Eligible), they can activate the Security Administrator role, making this statement correct (Yes).
Topics
Community Discussion
No community discussion yet for this question.