You need to track application access assignments by using Identity Governance. The solution must meet the delegation requirements. What should you do first?
A.
Modify the User consent settings for the enterprise applications.
B.
Create a catalog.
C.
Create a program.
D.
Modify the Admin consent requests settings for the enterprise applications.
C. Program - It specifies to use this under the requirements in the text. Not sure why that's not mentioned more.
Also, here's Why B. Create a catalog seems appealing (but is incorrect):
A catalog in Azure AD is a way to organize and group resources like applications, groups, and role assignments. It can certainly be useful for managing resources and can serve as part of an Identity Governance strategy, particularly in Azure AD Entitlement Management. People may naturally associate a catalog with managing applications, so it makes sense that some would vote for it.
However, the question specifically asks for tracking application access assignments with a focus on delegation requirements. To clarify, catalogs are typically used to organize resources for access packages or entitlement management. They provide a container for resources but don't directly govern access assignment or track it in the way that programs do.
It says specifically in the Delegation requirements, use custom 'programs'
The first step in setting up the Identity Governance solution that meets the delegation requirements is to create a program. This will allow you to track and manage application access assignments effectively.
delegation requirement: Use custom programs for Identity Governance.
question: use identity governance and meet the delegation requirements
c: "create a program"
To track application access assignments by using Identity Governance in Microsoft Azure while meeting delegation requirements, you should start by creating a catalog. Therefore, option B, "Create a catalog," is the correct first step in this scenario.
Creating a catalog is typically the first step in setting up Identity Governance to manage access to applications and resources. It allows you to define and organize your resources, including enterprise applications, and is a foundational element in the Identity Governance framework.
Options A, C, and D do not directly address the initial setup of Identity Governance and tracking application access assignments, so they are not the first steps in this context.
Correct answer is B.
I can't see how C is being substantiated in these comments. No links were provided.
https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview#how-do-i-control-who-gets-access
Catalog is for Access Packages.
For Access reviews, we are using Programs.
Program is a ‘container’ that helps us to group reviews logically (for departments, projects, etc.)
So I have been reading about this topic for the past 30 min and still can't really decide which is better - catalog or program. haha :))
So I asked ChatGPT few questions forming an answer and this is what it said about this topic - hence going with the program option.
"If you want to track application access and manage privileged access in a more controlled and auditable way, creating a program in Azure AD Privileged Identity Management (PIM) would be a better option than creating a catalog
So, if your main goal is to track application access and manage privileged access in a more secure and auditable way, creating a program in Azure AD PIM would be the better choice."
In the Azure portal, select Azure Active Directory and then select Identity Governance. In the left menu, select Access packages and then open the access package. Select Assignments to see a list of active assignments. Select a specific assignment to see more details.
I think that it is Catalog
In the request is mentioned directly Identity Governance. In IG you have in Entitlement management options to set up :
Access packages
Catalogs
Connected applications
...
In catalogs you can have Access packages and member of access package can be applications.
I went for B aswell.
You must group those applications in a catalog and can manage access and it meets the delegation pre.
https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-create
This section is not available anymore. Please use the main Exam Page.SC-300 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
zakyntos
Highly Voted 3 years, 7 months agoRylandN
Highly Voted 2 years, 11 months agoArash123
Most Recent 5 months agoLabelfree
5 months, 2 weeks agoLabelfree
5 months, 2 weeks agoKRISTINMERIEANN
1 year agoSFAY
1 year, 3 months agocurtmcgirt
1 year, 4 months agomartonnie
1 year, 6 months agoJCkD4Ni3L
1 year, 6 months agoServerBrain
1 year, 8 months agomarsot
1 year, 9 months agohw121693
1 year, 9 months agodule27
1 year, 9 months agocris_exam
2 years, 1 month agoTaigr
2 years, 2 months agoNazir97
2 years, 3 months agoshaden2000
2 years, 4 months ago