ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam
Go to Exam

Exam AZ-305 topic 1 question 18 discussion

Actual exam question from Microsoft's AZ-305
Question #: 18
Topic #: 1
[All AZ-305 Questions]

HOTSPOT -
You have several Azure App Service web apps that use Azure Key Vault to store data encryption keys.
Several departments have the following requests to support the web app:

Which service should you recommend for each department's request? To answer, configure the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Azure AD Privileged Identity Management
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:
Provide just-in-time privileged access to Azure AD and Azure resources
Assign time-bound access to resources using start and end dates
Require approval to activate privileged roles
Enforce multi-factor authentication to activate any role
Use justification to understand why users activate
Get notifications when privileged roles are activated
Conduct access reviews to ensure users still need roles
Download audit history for internal or external audit
Prevents removal of the last active Global Administrator role assignment

Box 2: Azure Managed Identity -
Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.
Applications may use the managed identity to obtain Azure AD tokens. With Azure Key Vault, developers can use managed identities to access resources. Key
Vault stores credentials in a secure manner and gives access to storage accounts.
Box 3: Azure AD Privileged Identity Management
Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management:
Provide just-in-time privileged access to Azure AD and Azure resources
Assign time-bound access to resources using start and end dates
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
by mse89 at Sept. 1, 2022, 7:45 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mse89
Highly Voted 2 years, 5 months ago
PIM MI PIM answer is correct
upvoted 56 times
One111
2 years, 4 months ago
Non of security requirements can be accomplished by PIM. That's definitely not the right answer.
upvoted 2 times
Ayboum
2 years, 3 months ago
Access review is included on PIM
upvoted 16 times
SilverFox22
2 years, 1 month ago
To confirm: "You can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to create access reviews for privileged access to Azure resource and Azure AD roles." https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review
upvoted 8 times
...
...
KingHalik
1 year, 2 months ago
yes it does: https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure
upvoted 2 times
...
...
...
One111
Highly Voted 2 years, 4 months ago
It should be 1 Identity Governance / Access Review - access based on groups and review periods. 2 Managed Identity - access with passwordless and no additional administration footprints. 3 Privileged Identity Management - temporary role activation. Answers are probably messed and lack option in first list.
upvoted 23 times
sexyt
2 years ago
look at examtopics reply to you and realize this is an architect test not an engineering test
upvoted 1 times
romeconq1
9 months ago
that's obviously not ExamTopics themselves lol, if these guys actually cared they'd fix the wrong answers first.
upvoted 1 times
...
...
ExamTopicsTST
2 years, 2 months ago
@One111, since the option is not there, it is NOT an option as an answer. Under 'Identity Governance' is where PIM exists, and all the requirements can be met by what PIM provides. Answers provided ARE 100% correct: PIM, MI, PIM.
upvoted 19 times
...
FabrityDev
2 years ago
From documentation: Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. Here are some of the key features of Privileged Identity Management: Provide just-in-time privileged access to Azure AD and Azure resources Assign time-bound access to resources using start and end dates Require approval to activate privileged roles Enforce multi-factor authentication to activate any role Use justification to understand why users activate Get notifications when privileged roles are activated Conduct access reviews to ensure users still need roles Download audit history for internal or external audit Prevents removal of the last active Global Administrator and Privileged Role Administrator role assignments So PIM, MI, PIM https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
upvoted 12 times
...
...
[Removed]
Most Recent 2 months, 3 weeks ago
CORRECT
upvoted 1 times
...
Teerawee
5 months ago
Security: Azure AD Privileged Identity Management Development: Azure Managed Identity Quality Assurance: Azure AD Privileged Identity Management
upvoted 1 times
...
23169fd
7 months, 2 weeks ago
The given answers are correct. Azure AD Privileged Identity Management (PIM) Reason: PIM helps manage, control, and monitor access within Azure AD, Azure, and other Microsoft Online Services. It requires justifications for role assignments and provides alerts and history of changes. Development Department: Azure Managed Identity Reason: Managed Identity allows the application to access Azure Key Vault without needing to manage credentials. This provides secure access to the encryption keys needed by the applications. Quality Assurance Department: Azure AD Privileged Identity Management (PIM) Reason: PIM can provide temporary administrator access for creating and configuring additional web apps in the test environment, managing role assignments effectively.
upvoted 1 times
...
ZUMY
1 year, 10 months ago
Given answers are correct
upvoted 1 times
...
gdamascenom
1 year, 11 months ago
It should be: Azure AD Identity Protection to get the access reviews Azure Managed Identity Azure AD PIM
upvoted 8 times
...
jj22222
1 year, 11 months ago
AD PIM Azure Managed Identity AD PIM
upvoted 1 times
...
zellck
1 year, 11 months ago
1. Azure AD PIM 2. Azure Managed ID 3. Azure AD PIM https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review The need for access to privileged Azure resource and Azure AD roles by employees changes over time. To reduce the risk associated with stale role assignments, you should regularly review access. You can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to create access reviews for privileged access to Azure resource and Azure AD roles. You can also configure recurring access reviews that occur automatically. https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview While developers can securely store the secrets in Azure Key Vault, services need a way to access Azure Key Vault. Managed identities provide an automatically managed identity in Azure Active Directory (Azure AD) for applications to use when connecting to resources that support Azure AD authentication. Applications can use managed identities to obtain Azure AD tokens without having to manage any credentials.
upvoted 5 times
zellck
1 year, 11 months ago
https://learn.microsoft.com/en-us/training/modules/design-authentication-authorization-solutions/9-one-design-managed-identities Managed identities provide an identity for apps to use when connecting to resources that support Azure AD authentication. Apps can use the managed identity to obtain Azure AD tokens. An app might use a managed identity to access resources like Azure Key Vault where developers can store credentials in a secure manner or to access storage accounts.
upvoted 1 times
...
zellck
1 year, 11 months ago
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure#terminology just-in-time (JIT) access - A model in which users receive temporary permissions to perform privileged tasks, which prevents malicious or unauthorized users from gaining access after the permissions have expired. Access is granted only when users need it.
upvoted 1 times
...
...
OPT_001122
2 years ago
1 PIM 2 MI 3 PIM correct ans
upvoted 1 times
...
jj22222
2 years ago
answer is right
upvoted 2 times
...
ssgg100
2 years, 1 month ago
Correct
upvoted 2 times
...
Samko635
2 years, 3 months ago
It should be IT governance(Not an option) / MI / PIM "Review access" on PIM is a completely different thing to what security team is asking.
upvoted 2 times
Jay_2pt0
2 years, 3 months ago
Access Reviews are included with PIM. See https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
upvoted 1 times
...
...
meet_satish
2 years, 4 months ago
Answer is correct - PIM, MI, PIM PIM: - Assign time-bound access to resources using start and end dates - Use justification to understand why users activate - Get notifications when privileged roles are activated - Download audit history for internal or external audit
upvoted 6 times
...
most_lenyora
2 years, 5 months ago
Correct
upvoted 3 times
One111
2 years, 4 months ago
Non of security requirements can be accomplished by PIM. That's definitely not the right answer.
upvoted 2 times
Gbala
1 year, 6 months ago
PIM does have the capability to do the auditing and generate reports on activation of admin roles. So the ans is PIM,MI,PIM
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago