ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 2 question 70 discussion

Actual exam question from Microsoft's AZ-104
Question #: 70
Topic #: 2
[All AZ-104 Questions]

HOTSPOT
-

You have an Azure AD tenant named contoso.com.

You have two external partner organizations named fabrikam.com and litwareinc.com. Fabrikam.com is configured as a connected organization.

You create an access package as shown in the Access package exhibit. (Click the Access package tab.)



You configure the external user lifecycle settings as shown in the Lifecycle exhibit. (Click the Lifecycle tab.)



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Stevy_nash at Jan. 4, 2023, 8:49 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
PlaceboC6
Highly Voted 2 years ago
N - Because not Connected Y - Because when it expires it is removed from the group. Proof to follow Y - Because..math https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources When a user's access package assignment expires, they are removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team.
upvoted 148 times
areait
1 week, 1 day ago
Tested in the labs N because not connected N because they will be blocked only as it states in the "Manage lifecycle of external users" Y The only one right bc it's 365 + 30 in order to remove users if u have any doubt you can check this video : https://www.youtube.com/watch?v=J136cq9r0u8 with the title "54. MS Azure Administrator Associate AZ 104 - Access Package, Guest Users, Entitlement Management"
upvoted 1 times
...
a6bd45e
7 months, 3 weeks ago
Regarding the first statement: The package is set so those from organization that is not connected cannot request to be added. Does it mean they cannot be assigned (by Owner for example)? The package defines "cannot request access". The statement says "can be assigned".
upvoted 3 times
NotKnownForMuch
2 months, 2 weeks ago
First statement is Yes In some cases, you might want to directly assign specific users to an access package so that users don't have to go through the process of requesting the access package. To directly assign users, the access package must have a policy that allows administrator direct assignments. https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-assignments
upvoted 1 times
...
...
3c5adce
9 months, 3 weeks ago
Confirmed
upvoted 1 times
...
AK4U_111
2 years ago
After reading this article, i would say NYY is correct. Thank you
upvoted 9 times
...
Load full discussion...
...
Ruby1133299
Highly Voted 2 years, 1 month ago
N not a connected organisation N expired not remove Y 365 + 30 = 395 removed
upvoted 103 times
RougePotatoe
2 years, 1 month ago
Why don't people cite their sources. so we know for sure that expired isn't the same as removed.
upvoted 4 times
RougePotatoe
2 years, 1 month ago
I mis-read the question. I still wish people would cite their sources though.
upvoted 6 times
...
...
Indy429
1 year, 2 months ago
This is the right answer If Q2 said "EXPIRE" it would be Yes, but it said "REMOVE" which will only happen 30 days after expiring
upvoted 1 times
...
...
Stunomatic
Most Recent 4 months, 2 weeks ago
after expiration of access package After access package expiration (365 days): External users lose access to the resources in the package, and they are removed from any groups or roles tied to the package. 30 days later: The external users will be deleted from your Azure AD tenant (if they have no other access packages or assignments). Y N N
upvoted 2 times
Stunomatic
4 months, 2 weeks ago
sorry N Y Y
upvoted 2 times
...
...
behradcld
6 months ago
I think the answer is correct: Yes: Because users can be assigned but they can not request No: Because expired not removed Yes: correct after 395 will be removed
upvoted 3 times
...
[Removed]
6 months ago
WRONG No No Yes
upvoted 2 times
...
varinder82
9 months, 3 weeks ago
Final Answer: N not a connected organisation N expired not remove Y 365 + 30 = 395 removed
upvoted 5 times
...
3c5adce
9 months, 3 weeks ago
ChatGPT4 says No no no
upvoted 1 times
2fd1029
6 months, 1 week ago
We don't care what ChatGPT says. ChatGPT gets questions wrong all the time.
upvoted 8 times
...
...
SkyZeroZx
1 year, 1 month ago
1.- N : Because not has a permissons 2.- N : Because is expired not delete 3.-Y : Because 365 + 30 to delete/remove is correct The answer https://www.youtube.com/watch?v=J136cq9r0u8&list=PLlKA5U_Yqgof3H0YWhzvarFixW9QLTr4S&index=53
upvoted 15 times
Jedi_sg2000
8 months, 1 week ago
that make sense!
upvoted 1 times
...
...
hebbo777
1 year, 3 months ago
N N : "When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team" .. https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources Y - 365+30 = 395 deleted.
upvoted 3 times
...
katrvintraiz
1 year, 3 months ago
The answer https://www.youtube.com/watch?v=J136cq9r0u8&list=PLlKA5U_Yqgof3H0YWhzvarFixW9QLTr4S&index=53
upvoted 8 times
...
ziggy1117
1 year, 4 months ago
N N - When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team. https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-resources#add-a-group-or-team-resource-role Y
upvoted 1 times
ziggy1117
1 year, 3 months ago
sorry should be N-Y-Y
upvoted 4 times
...
...
amsioso
1 year, 4 months ago
N,N,Y https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-external-users#manage-the-lifecycle-of-external-users
upvoted 2 times
anyidea
9 months, 1 week ago
By default, when an external user no longer has any access package assignments, they're blocked from signing in to your directory. After 30 days, their guest user account is removed from your directory.
upvoted 1 times
...
...
Series_0011
1 year, 4 months ago
N Y - Group membership is only maintained after losing access to the access package if it was previously in the group before being assigned to the access package or if they are assigned to another access package that also includes that group or team. When access expires they are removed from the group or team. Y https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources
upvoted 4 times
...
skeleto11
1 year, 5 months ago
NO - Not connected NO - It is not removed from the group when their access package assignment is removed, they remain in the resource role. For example, if a user was a member of a group, and was assigned to an access package that included group membership for that group as a resource role, and then that user's access package assignment was removed, the user would retain their group membership. https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources Y - 365+30 = 395 deleted.
upvoted 1 times
alexandrud
1 year, 4 months ago
The answer for the second question should be YES - "When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team." -> Source of the explanation is your link: https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources
upvoted 4 times
itismadu
5 months, 3 weeks ago
From the link "When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team" https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-resources sO IT SHOULD BE n y y
upvoted 1 times
...
...
...
mandogrogus
1 year, 5 months ago
NNY makes sense, but why is Y marked with red in 1 ?
upvoted 1 times
...
oopspruu
1 year, 6 months ago
It is NYY. N - Not a connected organization Y - After 365 days, the access package expires. If you read the description of "Manage Lifecycle" carefully, the removal part needs the expiration to go on for at least 30 days. Which means: Y - 365+30 = 395 Days == Removal
upvoted 3 times
...
gachocop3
1 year, 7 months ago
NNY 1- Not a connected organization 2. Expired no remove 3. 365 + 30 = 395 = removed
upvoted 7 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago