SC-300 Question #274: Real Exam Question with Answer & Explanation

Submitted by yaw92· Mar 6, 2026Manage Azure Active Directory identities and governance - specifically implementing and configuring Privileged Identity Management (PIM) to control and monitor access to Azure resources, aligning with Microsoft SC-300 or AZ-104 governance objectives.

Question

Drag and Drop Question Your company is planning on using Privileged Identity Management (PIM) to grant administrative access to Azure resources. You are setting up PIM for the first time and establish the workflow that will be used to ensure that PIM can be used by the first user. What roles should you use for the following actions, while following the principle of least privilege? To answer, drag the appropriate role to each action. A role may be used once, more than once, or not at all. Answer:

Explanation

The PIM Administrator role is responsible for all administrative setup and configuration tasks in Privileged Identity Management, including enabling PIM, configuring settings, assigning eligible roles, and approving or managing the overall workflow - making it the correct role for the majority of setup and management actions. The PIM User role is the least privileged role, appropriate only for the action where a user activates or requests access to a privileged role (i.e., the end-user experience). The PIM Approver role is specifically scoped to the approval step in the activation workflow, where a designated approver reviews and approves or denies a role activation request.

Topics

#Privileged Identity Management#Azure AD Roles#Least Privilege#Identity Governance

Community Discussion

No community discussion yet for this question.

Full SC-300 Practice Browse All SC-300 Questions