exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam

Exam AZ-500 topic 1 question 1 discussion

Actual exam question from Microsoft's AZ-500
Question #: 1
Topic #: 1
[All AZ-500 Questions]

Your company recently created an Azure subscription.
You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).
Which of the following is the role you should assign to the user?

  • A. The Global administrator role.
  • B. The Security administrator role.
  • C. The Password administrator role.
  • D. The Compliance administrator role.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Shahrezza
Highly Voted 3 years, 5 months ago
Given answer is correct. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
upvoted 10 times
...
kakakayayaya
Highly Voted 3 years, 6 months ago
Today, this not 100% correct. PIM ready to use without consent. Any user that have active role enables PIM.
upvoted 6 times
kktamang
3 years, 5 months ago
No. You havent got the meaning of question. "Anyone" can enable PIM and get the admin access for assigned duration but who has right and permission to assign admin role using PIM to others ? I hope its clear for you.
upvoted 1 times
...
...
hellboysecret
Most Recent 4 days, 18 hours ago
Selected Answer: A
Privileged Role Administrator or Global Administrator role can manage assignments for other administrators
upvoted 1 times
...
siya.mthi
1 week, 5 days ago
Selected Answer: A
A. The Global administrator role. Explanation: To implement Azure AD Privileged Identity Management (PIM), a user must have elevated privileges that allow them to manage role assignments and access controls. The Global Administrator role has the highest level of permissions in Azure AD, including the ability to enable and configure Privileged Identity Management (PIM). Why not the other options? B. Security Administrator → Can manage security-related policies but does not have permissions to configure PIM. C. Password Administrator → Only manages password-related tasks and cannot implement PIM. D. Compliance Administrator → Focuses on compliance settings and auditing but lacks control over PIM.
upvoted 1 times
...
stonwall12
1 month ago
Selected Answer: A
Answer: A, Global Administrator Reason: Azure AD Privileged Identity Management (PIM) requires Global Administrator permissions to be configured initially. While other administrators can manage specific PIM roles once it's set up, only Global Administrators can implement and configure PIM for the first time in an Azure AD tenant. Reference: https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started#prerequisites Note: Although a Security Administrator can manage some PIM settings after initial setup, they cannot implement PIM for the first time in an organization.
upvoted 1 times
...
pentium75
5 months, 3 weeks ago
Selected Answer: A
"Only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators" https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-deployment-plan Privileged Role Administrator is not an option, thus Global Administrator it is.
upvoted 3 times
...
Andre369
5 months, 3 weeks ago
Selected Answer: A
The Global administrator role has the highest level of privilege in Azure AD and provides full access to all administrative features, including the ability to configure and manage Azure AD PIM. This role allows the user to enable and configure Azure AD PIM for managing privileged roles and access in the Azure subscription. Therefore, the correct answer is: A. The Global administrator role.
upvoted 1 times
...
zellck
5 months, 3 weeks ago
Selected Answer: A
A is the answer. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan#assign-and-activate-azure-ad-roles For Azure AD roles in PIM, only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators. Global Administrators, Security Administrators, Global Readers, and Security Readers can also view assignments to Azure AD roles in PIM.
upvoted 3 times
...
msoh9637
5 months, 3 weeks ago
Seems an outdated question as PIM now is automatically enabled when a P2 license enabled user logs in? https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-getting-started When a user who is active in a privileged role in a Microsoft Entra organization with a Premium P2 license goes to Roles and administrators in Microsoft Entra ID and selects a role (or even just visits Privileged Identity Management): "We automatically enable PIM for the organization Their experience is now that they can either assign a "regular" role assignment or an eligible role assignment"
upvoted 1 times
...
QueZee
11 months, 1 week ago
B. Security administrator role Here's why: The Security administrator role provides the necessary permissions to manage Azure AD security features, including PIM. It grants control over security policies, access management, and monitoring, which aligns with PIM's functionalities.
upvoted 1 times
pentium75
7 months, 3 weeks ago
"Only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators" https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-deployment-plan
upvoted 1 times
...
...
MPB
1 year ago
Selected Answer: A
A is correct
upvoted 3 times
...
Ashi_321
1 year, 2 months ago
B. The Security administrator role. The Security administrator role in Azure AD is required to manage Azure AD Privileged Identity Management. This role allows the user to configure and manage PIM settings, including configuring role assignments, activating PIM for specific roles, and managing the PIM security settings.
upvoted 2 times
...
wardy1983
1 year, 4 months ago
To start using PIM in your directory, you must first enable PIM. 1. Sign in to the Azure portal as a Global Administrator of your directory. You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft account (for example, @outlook.com), to enable PIM for a directory. Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com
upvoted 1 times
...
ESAJRR
1 year, 8 months ago
Selected Answer: A
A. The Global administrator role.
upvoted 1 times
...
JunetGoyal
1 year, 10 months ago
In real world you should always give Privileged Role Administrator over global admin For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators. Global Administrators, Security Administrators, Global Readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
upvoted 1 times
...
Alexbz
1 year, 11 months ago
A is correct. For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged Role Administrator or Global Administrator role can manage assignments for other administrators. Global Administrators, Security Administrators, Global Readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
upvoted 1 times
...
majstor86
2 years ago
Selected Answer: A
A. The Global administrator role.
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago