AZ-500 Question #251: Real Exam Question with Answer & Explanation

Question

You work for an organization using Azure Active Directory (Azure AD) Privileged Identity Management (PIM). You want Abby Brown, a user, to request administrative role elevation before he takes any administrative action in Azure. What should be your step of action?

Options

• AAssign Abby Brown the Eligible role membership type.
• BPerform a resource audit on Abby Brown.
• CInvite Abby Brown to an access review.
• DRequire Abby Brown to use Azure multi-factor authentication (MFA).

Explanation

To require a user to request administrative role elevation before taking action in Azure AD PIM, the user must be assigned the Eligible role membership type for the desired role.

Common mistakes.

• B. Performing a resource audit assesses access to resources but does not configure the mechanism for a user to request elevated permissions.
• C. Inviting a user to an access review is for periodically verifying existing role assignments, not for configuring a process for requesting temporary elevation.
• D. Requiring MFA enhances the security of a user's login but does not configure a process for role elevation through PIM.

Concept tested. Azure AD PIM eligible role assignment for just-in-time access

Reference. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-assign-azure-ad-roles

No community discussion yet for this question.