
AZ-500 Question #287: Real Exam Question with Answer & Explanation


Submitted by chiamaka_o · Mar 6, 2026

Manage Azure Active Directory identities - specifically understanding the differences between Assigned and Dynamic membership group types and what object types (users, groups, managed identities, service principals) are eligible for membership in each group type.

Question

Hotspot Question

You have an Azure subscription that contains the Azure Active Directory (Azure AD) resources shown in the following table. You create the groups shown in the following table. Which resources can you add to Group5 and Group6? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer:

Explanation

Group5 is an Assigned membership type Security group, which can contain users, other groups (nested groups), managed identities, and service principals/applications - making all four resource types (User1, Group1, Managed1, App1) valid members. Group6 is a Dynamic User membership type group, which uses dynamic membership rules based on user attributes, meaning ONLY user objects can be members; groups, managed identities, and applications/service principals cannot be added because they are not user objects and do not have user attributes evaluated by dynamic rules. Dynamic membership groups automatically populate based on defined attribute rules, restricting membership strictly to the object type specified (User or Device).

Topics

#Azure Active Directory #Group Membership Types #Dynamic Groups #Identity Management
