ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 4 discussion

Actual exam question from Microsoft's SC-300
Question #: 4
Topic #: 4
[All SC-300 Questions]

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant that contains Azure AD Privileged Identity Management (PIM) role settings for the User administrator role as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan
by Krille at May 7, 2021, 12:52 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MajorUrs
Highly Voted 3 years, 10 months ago
So correct answers are: 8 hours Global administrators and privileged role administrators
upvoted 123 times
...
Krille
Highly Voted 3 years, 10 months ago
"If no specific approvers are selected, privileged role administrators/global administrators will become the default approvers."
upvoted 41 times
sezza_blunt
3 years, 9 months ago
This is exactly what it says in the PIM settings when editing a role.
upvoted 5 times
...
Beitran
3 years, 10 months ago
https://janbakker.tech/active-directory-identity-governance-privileged-identity-management/
upvoted 2 times
...
...
YesPlease
Most Recent 4 days, 10 hours ago
Answer 1) 8 Hours Answer 2) global administrators and privileged role administrators Question 1 is referencing "Activation maximum duration", which is 8 hours. https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure#assign Additional Notes: For eligible assignments, the members can activate or requesting approval during the start and end dates. For active assignments, the members can use the assigned role during this period of time.
upvoted 1 times
...
klayytech
11 months ago
8 hours Global administrators and privileged role administrators Norte : If no specific approvers are selected, privileged role administrators/global administrators will become the default approvers.
upvoted 2 times
jim85
8 months, 2 weeks ago
That's the point! Reference for it: https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-how-to-change-default-settings
upvoted 1 times
...
...
loaysalameh
1 year, 1 month ago
This question needs to be updates, under https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-how-to-change-default-settings You can require approval for activation of an eligible assignment. The approver doesn't have to have any roles. When you use this option, you must select at least one approver. We recommend that you select at least two approvers. There are no default approvers.
upvoted 2 times
...
Foggy31
1 year, 4 months ago
build in my lab, 8 hours and when not assigning approvers: "If no specific approvers are selected, privileged role administrators/global administrators will become the default approvers"
upvoted 2 times
...
EmnCours
1 year, 7 months ago
8 hours Global administrators and privileged role administrators
upvoted 2 times
...
dule27
1 year, 8 months ago
8 hours Global administrators and privileged role administrators
upvoted 1 times
...
OK2020
1 year, 8 months ago
I stand corrected. The time limit under "activation" is the one in effect here which is 8 Hours.
upvoted 1 times
...
OK2020
1 year, 9 months ago
My answer would be "1 Month" as it's teh time when an active assignment expire and the role would require another activation. The 8 hours is the time period before an activation request expire, different from the role lifetime which is the assignment
upvoted 1 times
OK2020
1 year, 8 months ago
I stand corrected. The time limit under "activation" is the one in effect here which is 8 Hours.
upvoted 1 times
OK2020
1 year, 8 months ago
I'm changing my suggested answer again: Actually it should be 1 month: https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan Type of assignments There are two types of assignment – eligible and active. If a user has been made eligible for a role, that means they can activate the role when they need to perform privileged tasks. You can also set a start and end time for each type of assignment. This addition gives you four possible types of assignments: Permanent eligible Permanent active Time-bound eligible, with specified start and end dates for assignment Time-bound active, with specified start and end dates for assignment In case the role expires, you can extend or renew these assignments. We recommend you keep zero permanently active assignments for roles other than the recommended two break-glass emergency access accounts, which should have the permanent Global Administrator role.
upvoted 1 times
...
...
...
f2bf85a
1 year, 11 months ago
Note: User may not be prompted for multi-factor authentication if they authenticated with strong credentials, or provided multi-factor authentication earlier in this session. If there is no information about strong credentials in the question, it should be assumed that the user will be prompted for MFA every 8 hours regardless of their previous authentication status. The activation maximum duration for Azure AD PIM sets a time limit for the user's access to the privileged role, and once that time limit has been reached, the user will need to re-authenticate with multi-factor authentication to continue using the role. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings#on-activation-require-multi-factor-authentication
upvoted 1 times
...
Taigr
2 years ago
on the exam 24.02.2022. I answered: 8 hours Global administrators and Privileged role administrators
upvoted 5 times
...
LeTrinh
2 years ago
Wrong. The correct answers are 15 days and global administrator or privileged role administrator. Because no delegation here. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings Role settings Activation maximum duration Use the Activation maximum duration slider to set the maximum time, in hours, that an activation request for a role assignment remains active before it expires. This value can be from one to 24 hours.
upvoted 1 times
...
BTL_Happy
2 years, 4 months ago
this question came out in my test today.
upvoted 2 times
...
estyj
2 years, 4 months ago
Correct. Have it setup and tested.
upvoted 1 times
...
BB6919
2 years, 5 months ago
Is there anything that the Global Admin can't do?
upvoted 1 times
purek77
2 years, 2 months ago
Work with Custom Security Attributes - you need a dedicated Azure AAD RBAC role.
upvoted 2 times
...
...
Imee
2 years, 5 months ago
on the exam 09222022, i answered the same. Passed the exam, btw.
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago