ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 2 question 27 discussion

Actual exam question from Microsoft's AZ-500
Question #: 27
Topic #: 2
[All AZ-500 Questions]

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.

From PIM, you assign the Security Administrator role to the following groups:
✑ Group1: Active assignment type, permanently assigned
✑ Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No -
User1 is a member of Group1. Group1: Active assignment type, permanently assigned

Box 2: Yes -
Active Type: A role assignment that doesn't require a user to perform any action to use the role. Users assigned as active have the privileges assigned to the role

Box 3: No -
User3 is member of Group1 and Group2.
Group1: Active assignment type, permanently assigned
Group2: Eligible assignment type, permanently eligible
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings
by [deleted] at March 11, 2021, 2:55 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 3 years, 10 months ago
I think answer should be: No - this user already has the role assigned and 5 hours is how long the role can be assigned for when an eligible user activates it. Yes - but not for the reason stated, user 2 is eligible and there are no items required for approval so it will be automatic and assigned for 5 hours No - this user is already active in the role and will be for 1 month
upvoted 90 times
Startkabels
3 years, 9 months ago
5 hours is is not the expiration time, it is the activation time. The permissions for user2 will not be assigned for 5 hours but for for 3 months User 3 can active the role since he is a member of both the group for eligable assignment as for active assignment. Nowhere it states that the user already has the role.
upvoted 5 times
Startkabels
3 years, 9 months ago
Correction, what I said is incorrection: 5 hours is actually the expiration time after activation and the 3 months is the expiration for activating
upvoted 7 times
...
...
BalderkVeit
3 years, 8 months ago
User 3 canNOT activate role. he has it permanently active and if you'll try to activate already active role, you'll get error. So IT's a No.
upvoted 13 times
...
...
Pinto
Highly Voted 3 years, 10 months ago
Box1: No. User1 can activate the role in 5 hours does not make sense. The role is already active. Box2: Yes. User2 can activate the role and no approval is needed. Will have to just fill in the reason box. Box3: No. User2 is part of group1 and the role is already active. No activation required.
upvoted 29 times
cfsxtuv33
2 years, 11 months ago
Box 3 is "user 3" and they are a part of group 1 AND group 2...but since he is part of group 1 then he is already "active" and does not need to be assigned.
upvoted 4 times
...
...
pentium75
Most Recent 5 months, 2 weeks ago
NO ("IN five hours" is nonsense) YES (permanently eligible, no approval required) No (has already an active assignment, no need to elevate)
upvoted 1 times
...
bob_sez
1 year, 1 month ago
The permanent eligible is enabled so the 3 months and 1 month in the boxes below will have no affect to the permanent eligibility. Permanent means permanent.
upvoted 5 times
...
ArchitectX
1 year, 4 months ago
it should be N N Y
upvoted 1 times
...
massnonn
1 year, 7 months ago
N-N-Y Because Group2: Eligible assignment type, permanently eligible
upvoted 1 times
baye
1 year, 1 month ago
The Required Approuval to Activate is disabled
upvoted 1 times
...
...
majstor86
1 year, 10 months ago
No Yes No
upvoted 5 times
...
ltjones12
2 years ago
Answers are correct
upvoted 1 times
...
F117A_Stealth
2 years, 2 months ago
No - this user already has the role assigned and 5 hours is how long the role can be assigned for when an eligible user activates it. Yes - but not for the reason stated, user 2 is eligible and there are no items required for approval so it will be automatic and assigned for 5 hours No - this user is already active in the role and will be for 1 month
upvoted 1 times
...
Muaamar_Alsayyad
2 years, 2 months ago
Just test it on the lab, user 3 can't activate the role, it gives an error saying " the rule arledy active" Even though, the same role shows under active and eligible
upvoted 3 times
...
Doc_Pep
2 years, 5 months ago
IN 5 hours (as stated) or FOR 5 hours... If the question worded as is here on test (which I think is a mistake) then NO if it says FOR 5 hours, then yes...
upvoted 3 times
...
Ivanvazovv
2 years, 5 months ago
Answers are NYN, but User2 doesn't need to provide justification at all. Justification is required for the admin that assigns the roles to explain why he assigns them.
upvoted 1 times
...
WhalerTom
3 years ago
In exam Dec 21. 40 questions, 1 case study, no labs.
upvoted 2 times
...
Incredible99
3 years ago
In 12/18/21 exams
upvoted 4 times
...
zioggs
3 years, 2 months ago
Exam - 4/11/21
upvoted 3 times
...
SecurityAnalyst
3 years, 4 months ago
# IN EXAM - 31/8/2021
upvoted 1 times
...
Socgen1
3 years, 4 months ago
In exam on 31/08/2021
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago