
SC-100 Question #210: Real Exam Question with Answer & Explanation

The correct answer is A: access reviews in Privileged Identity Management (PIM).

Design security operations, identity, and compliance capabilities

Question

You have multiple Azure subscriptions that each contains multiple resource groups. You need to identify the privileged role assignments in each subscription and any associated security risks. The solution must minimize administrative effort. What should you use?

Options

  • A. access reviews in Privileged Identity Management (PIM)
  • B. access reviews in Microsoft Entra ID Identity Governance
  • C. Microsoft Defender External Attack Surface Management (Defender EASM) discovery
  • D. the Analytics dashboard in Microsoft Entra Permissions Management

Explanation

Correct answer: A.

Access reviews in Microsoft Entra Privileged Identity Management (PIM) are purpose-built for reviewing and auditing privileged role assignments specifically within Azure subscriptions, identifying overprivileged accounts, stale assignments, and associated security risks. PIM provides built-in risk signals, just-in-time access tracking, and automated review workflows, which minimizes administrative effort for this Azure-scoped task.

Access reviews in Entra ID Governance (B) are broader identity lifecycle reviews not focused on Azure RBAC security risks. Defender EASM (C) is an external attack surface tool focused on internet-facing asset discovery, not internal RBAC analysis. Entra Permissions Management Analytics dashboard (D) is valuable for cross-cloud permission analysis but is more oriented toward multicloud environments and least-privilege recommendations, whereas PIM is the native, lowest-effort tool for Azure privileged role security review.

Topics

#Privileged Identity Management (PIM) #Access Reviews #Azure RBAC #Identity Governance
