exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam

Exam SC-300 topic 4 question 43 discussion

Actual exam question from Microsoft's SC-300
Question #: 43
Topic #: 4
[All SC-300 Questions]

You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to ensure that User1 can create access reviews for Azure AD roles. The solution must use the principle of least privilege.

Which role should you assign to User1?

  • A. Privileged role administrator
  • B. Identity Governance Administrator
  • C. User administrator
  • D. User Access Administrator
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
kanag1
Highly Voted 1 year, 7 months ago
Selected Answer: A
To create access reviews for Azure resources, you must be assigned to the Owner or the User Access Administrator role for the Azure resources. To create access reviews for Azure AD roles, you must be assigned to the Global Administrator or the Privileged Role Administrator role. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-create-roles-and-resource-roles-review#prerequisites
upvoted 15 times
...
YesPlease
Most Recent 2 days, 16 hours ago
Selected Answer: D
Answer D) User Access Administrator To create access reviews for Azure resources, you must be assigned to the Owner or the User Access Administrator role for the Azure resources. https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-create-roles-and-resource-roles-review#prerequisites:~:text=To%20create%20access%20reviews%20for%20Azure%20resources%2C%20you%20must%20be%20assigned%20to%20the%20Owner%20or%20the%20User%20Access%20Administrator%20role%20for%20the%20Azure%20resources.
upvoted 1 times
...
anonymousarpanch
1 month, 3 weeks ago
Selected Answer: A
as usual for microsoft to make fun by confusing via terminology. dont know what makes them happy..there is nothing intelligent about it. just because Azure AD is now called Microsoft Entra, which means that Azure AD roles are not Azure RBAC roles but rather Entra roles. And entra roles are those roles which are predefined administrative kind of roles like global administrator, user administrator, etc.. refer the table in this link https://learn.microsoft.com/en-us/entra/id-governance/deploy-access-reviews#who-will-create-and-manage-access-reviews
upvoted 1 times
...
Matt19
2 months, 3 weeks ago
Selected Answer: B
Identity Governance Administrator role provides the necessary permissions to manage access reviews without granting excessive privileges.
upvoted 2 times
...
niklas1242
3 months ago
Selected Answer: D
Global Administrator: Can manage all aspects of Azure AD, including creating and managing access reviews for Azure AD roles. Privileged Role Administrator: Specifically responsible for managing role assignments in Azure AD and can create access reviews for privileged roles, including Azure AD roles like Global Administrator, Security Administrator, etc. User Access Administrator (when managing resources): If access reviews are tied to Azure resources, this role might be able to initiate reviews for roles assigned to those resources.
upvoted 1 times
...
ATimTimm
4 months ago
Selected Answer: B
Identity Governance Administrator hast he least privileges.
upvoted 1 times
...
Cybersecgirl
5 months, 2 weeks ago
To create access reviews while adhering to the principle of least privilege, you would typically need a role with the minimum permissions necessary to initiate and manage access reviews, such as a "User Access Administrator" role in most identity management systems, allowing you to review user access without granting broader administrative privileges.
upvoted 1 times
Cybersecgirl
5 months, 2 weeks ago
To create access reviews for Azure resources, you must be assigned to the Owner or the User Access Administrator role for the Azure resources. To create access reviews for Microsoft Entra roles, you must be assigned at least the Privileged Role Administrator role.
upvoted 1 times
...
...
hml_2024
6 months ago
Selected Answer: B
The Identity Governance Administrator has the least number of roles required to create and manage Access Reviews for Azure AD roles.
upvoted 2 times
...
hml_2024
6 months ago
Selected Answer: B
User administrators cannot create access reviews for Azure AD roles. The User administrator role is primarily responsible for managing user accounts, groups, and password resets, but it does not have the necessary permissions to manage access reviews or governance tasks related to Azure AD roles. To create access reviews for Azure AD roles, roles like Identity Governance Administrator or Privileged Role Administrator are required. These roles have the necessary permissions for managing access reviews, especially related to Azure AD roles.
upvoted 1 times
...
hml_2024
6 months, 1 week ago
To allow User1 to create access reviews for Azure AD roles while adhering to the principle of least privilege, you should assign B. Identity Governance Administrator. The Identity Governance Administrator role enables a user to manage access reviews, terms of use, and privileged access settings in Azure AD. This role is specifically suited for handling access reviews while limiting permissions to only governance-related tasks, aligning with the principle of least privilege.
upvoted 1 times
...
srysgbvjumozmail
7 months, 2 weeks ago
To create access reviews for Azure resources, you must be assigned to the Owner or the (User Access Administrator) role for the Azure resources. To create access reviews for Microsoft Entra roles, you must be assigned at least the (Privileged Role Administrator) role. REF: https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-create-roles-and-resource-roles-review#prerequisites Correct Answer: A
upvoted 1 times
...
JuanZ
10 months, 4 weeks ago
Selected Answer: C
https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/delegate-by-task Least privileged roles by task in Microsoft Entra ID Create, update, or delete access review of a group or of an app- User Administrator
upvoted 3 times
...
klayytech
11 months ago
Selected Answer: A
Microsoft Entra roles 1-Global administrator or 2-Privileged Role administrator
upvoted 2 times
...
razit
11 months, 4 weeks ago
Selected Answer: D
Based on https://learn.microsoft.com/en-us/entra/id-governance/deploy-access-reviews#who-will-create-and-manage-access-reviews answer is D.
upvoted 1 times
...
Leuxah
1 year, 2 months ago
"To create access reviews for Microsoft Entra roles, you must be assigned to the Global Administrator or the Privileged Role Administrator role." https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-create-roles-and-resource-roles-review#prerequisites
upvoted 2 times
...
haazybanj
1 year, 3 months ago
Selected Answer: A
Access reviews: User Administrator (with the exception of access reviews of Azure or Microsoft Entra roles, which require Privileged Role Administrator). In this case, the Access review is for an Azure role which requires Privileged Role Administrator. https://learn.microsoft.com/en-us/entra/id-governance/identity-governance-overview?WT.mc_id=Portal-Microsoft_Azure_ELMAdmin#appendix---least-privileged-roles-for-managing-in-identity-governance-features
upvoted 2 times
...
Nyamnyam
1 year, 4 months ago
Selected Answer: A
Look at the table here https://learn.microsoft.com/en-us/entra/id-governance/deploy-access-reviews#who-will-create-and-manage-access-reviews Specifically the row "Microsoft Entra roles"
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago