Exam AZ-500 topic 2 question 64 discussion

The english of question is too confusing to understand. Who writes these questions

whoever figured out the proper answer must be a genius.

The PIM service principal needs to have that role assigned to the user in order for it to function . The PIM service itself needs the role too

This exact same question is in #113 Topic 2 (paid part of this website) and even this website has shown the answer mixed up compared to #63. This is so messed up. Guys if you are purchasing this questions from this website, do not blindly trust the answers. Know that only a few has purchased it and so the votes and discussion is significantly low. The answers are also messed up but you will get many more questions. If you are too good at finding answers yourself or want to prepare so badly then go for it otherwise it is absolutely a waste of money in my opinion.

The question states, A PIM user that is assigned the User Access Administrator ( it already has it assigned ). To support the answer. https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-troubleshoot#access-to-azure-resources-denied Access to Azure resources denied Problem As an active owner or user access administrator for an Azure resource, you are able to see your resource inside Privileged Identity Management but can't perform any actions such as making an eligible assignment or viewing a list of role assignments from the resource overview page. Any of these actions results in an authorization error. Cause This problem can happen when the User Access Administrator role for the PIM service principal was accidentally removed from the subscription. For the Privileged Identity Management service to be able to access Azure resources, the MS-PIM service principal should always have the User Access Administrator role role assigned.

B. User Access Administrator

Weird question.

This question was tricky. But answer B is correct answer.

B is the answer. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-troubleshoot#access-to-azure-resources-denied Assign the User Access Administrator role to the Privileged identity Management service principal name (MS–PIM) at the subscription level. This assignment should allow the Privileged identity Management service to access the Azure resources.

Wow, very tricky

Here's a current reference link: https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-troubleshoot#access-to-azure-resources-denied

B. User Access Administrator

The question is related to this article: https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-troubleshoot However I can not find MS-PIM service principal

Note the question is asking what role we should assign the SERVICE principle. The role mentioned in the question is assigned to a USER. The question is confusingly worded, but the above distinction helped me answer it.

Very confusing to work out what it's asking for, as the answer is in the question but the question suggests it's not enough

It's B

https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin The answer seems correct