ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 35 discussion

Actual exam question from Microsoft's SC-300
Question #: 35
Topic #: 4
[All SC-300 Questions]

HOTSPOT -
You have a Microsoft 365 E5 subscription.
You create an access review for Azure Active Directory (Azure AD) roles.
You need to ensure that users who do not respond to review requests are removed automatically from the roles. The solution must minimize administrative effort.
Which two settings should you modify? To answer, select the settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Reviewers, Members (self)
Reviewers for guest users can be:
Specified reviewers: Certain users within your organization
Group owners: Office 365 Group owners that also includes Teams
Self-review: Guest users can review access on their own
Box 2: If reviewers don't respond, No Change
If reviewers don't respond (within the configured review period):
No change: Leave user's access unchanged
Remove access: Remove user's access
Approve access: Approve user's access
Take recommendations: Take the system's recommendation on denying or approving the user's continued access
Reference:
https://blog.quadrotech-it.com/blog/how-to-manage-guest-access-in-azure-active-directory-pt-1/
by existingname at Sept. 1, 2022, 6:38 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ACSC
Highly Voted 2 years, 2 months ago
In my opinion Box 1: Reviewers, Members (self) Box 2: If reviewers don't respond, Remove access This is the least administrative effort.
upvoted 12 times
Nail
3 months ago
but Box 1 is already configured. so...?
upvoted 2 times
...
...
dobriv
Highly Voted 1 year, 8 months ago
For me these are correct : 1) If reviewers don't respond - remove access 2) Require reason on approval - disable The first one is clear. The second one is for minimum administrative effort.
upvoted 8 times
kijken
1 year, 1 month ago
I think dobriv is right
upvoted 2 times
...
...
HartMS
Most Recent 9 months, 3 weeks ago
1)Self-review 2) If reviewer didn't respond Use "Members (Self)" when you want a designated reviewer (administrator, security team) to evaluate if direct members still require access to the reviewed resource. Use "Self-review" when you want users to take ownership of their access and confirm its continued relevance. This can be helpful for raising awareness and potentially reducing unnecessary access rights.
upvoted 1 times
...
Ody
11 months, 2 weeks ago
Box 1: Auto apply results to resource It says, "If the user's access is denied, their access to the resource will be removed AFTER the review is complete". If the setting is enabled, then their removal doesn't happen until a a review is completed. Sounds like work. Box 2: If reviewers don't respond: Remove Access https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-create-roles-and-resource-roles-review
upvoted 2 times
...
Nyamnyam
1 year, 2 months ago
Really dumb question. Only one setting change is needed: If reviewer don't respond = Remove access IMO, the Members (self) should NOT be changed - this is the best possible way to reduce admin effort. And is the only possible way to remove ONLY the non-responding users.
upvoted 6 times
...
chikorita
1 year, 10 months ago
for me; Auto apply result to resource: this will automatically remove the access If Reviewers don't respond: then remove access. correct me if wrong
upvoted 2 times
chikorita
1 year, 10 months ago
appearing for exam tomorrow, still positive on this answer
upvoted 1 times
...
...
DeepMoon
2 years, 2 months ago
Box 1: If Reviewers don't respond, remove access. Box 2: Additional Content for Reviewer email, Warn users due to inaction. Since you don't users caught off guard with inaction and creating additional administrative effort;
upvoted 3 times
...
pikapin
2 years, 4 months ago
Should not include Remove access too?
upvoted 1 times
...
geobarou
2 years, 4 months ago
IMO the answer is: -if reviewers didn't respond / obviously -At the end of review, send notification to / Because it says "You need to ensure..."
upvoted 2 times
...
existingname
2 years, 5 months ago
on the exam today. I chose: - if reviewers didn't respond - additional content for reviewer e-mail
upvoted 7 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago