ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 25 discussion

Actual exam question from Microsoft's SC-300
Question #: 25
Topic #: 4
[All SC-300 Questions]

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant contains the users shown in the following table.

In Azure AD Privileged Identity Management (PIM), you configure the Global administrator role as shown in the following exhibit.

User1 is eligible for the Global administrator role.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Yes -

MFA is required on activation -

Box 2: No -
The Privileged Authentication Administrator can set or reset any authentication method for any user, including Global Administrators.
The Privileged Role Administrator can manage role assignments, including the Global Administrator role, in Azure Active Directory, as well as within Azure AD
Privileged Identity Management. In addition, this role allows management of all aspects of Privileged Identity Management and administrative units.

Box 3: No -
The Privileged Authentication Administrator can set or reset any authentication method for any user, including Global Administrators.
The Privileged Role Administrator can manage role assignments, including the Global Administrator role, in Azure Active Directory, as well as within Azure AD
Privileged Identity Management. In addition, this role allows management of all aspects of Privileged Identity Management and administrative units.
by vijeet at Sept. 14, 2022, 8:18 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dejo
Highly Voted 1 year, 4 months ago
Yes - "On activation, require Azure MFA" is set to Yes No - "Require approval to activate" is set to No No - Privileged Authentication Administrator can't assign roles (Privileged ROLE Administrator can!)
upvoted 37 times
...
vijeet
Highly Voted 1 year, 4 months ago
Privileged Authentication Administrator Can access to view, set and reset authentication method information for any user (admin or non-admin). Privileged Role Administrator Can manage role assignments in Azure AD, and all aspects of Privileged Identity Management.
upvoted 6 times
...
EmnCours
Most Recent 6 months, 1 week ago
YES NO YES
upvoted 1 times
...
dule27
7 months, 1 week ago
YES NO NO
upvoted 3 times
...
LeTrinh
11 months ago
YES - The MFA is required for users who are eligible for a role NO - Require approval set to NO NO - because the Approval set to NONE -> User2 (Priviledge Authentication administrator) cannot approve the active request -> ONLY Global Administrator or Privileged Role Administrator role can approve or manage PIM role settings (see picture)
upvoted 1 times
...
doch
1 year ago
YNY #2 If no specific approvers are selected, Privileged Role Administrators and Global Administrators become the default approvers. But the role given to User2 here is Privileged Role Administrator. #3 Privileged Authentication Administrator can managed Global Admin so this should be yes. https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#privileged-authentication-administrator
upvoted 2 times
doch
1 year ago
Typo. But the role given to User2 here is Privileged **Authen** Administrator.
upvoted 2 times
...
...
Faheem2020
1 year, 4 months ago
For the 2 and 3 to be YES, User 2 should be a privileged role administrator
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago