ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 85 discussion

Actual exam question from Microsoft's MS-500
Question #: 85
Topic #: 1
[All MS-500 Questions]

HOTSPOT
-

You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2 and the users shown in the following table.



You have the Privileged Access settings configured as shown in the following exhibit.



You have a privileged access policy that has the following settings:

• Policy name: New Transport Rule
• Policy type: Task
• Policy scope: Exchange
• Approval Type: Manual
• Approver group: Group1

User1 requests access to the New Transport Rule policy for a duration of two hours.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by rtis16 at Feb. 27, 2023, 5:51 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
GPerez73
2 years ago
N/N/N Global reader cannot raise a request to PAM. Tested in lab
upvoted 2 times
Ahhallison
2 years ago
I agree, this is the way.
upvoted 1 times
...
...
examdj101j
2 years ago
Based on everything I read here and my own study Answers are correct... N - Because A default approval group is assigned (Group 2) Tested by users below Y - Because User 1 is in Group 1 which is defined in the policy as an Approver N - Because User 2 is in Group 2 (Which would be able to approve as the default) But in this case the approver is defined as Group 1.
upvoted 2 times
Tweety1972
1 year, 10 months ago
You cannot approve request for your self
upvoted 1 times
...
...
Stig_88
2 years ago
N-Admin1 is not member of Group2. N-You cannot approve request for your self even if you are member of approver Group Y-User2 is member of Group2 who is the approver.
upvoted 1 times
Stig_88
2 years ago
N N N-Global Reader do not have access to "Privileged Access"
upvoted 2 times
...
...
GatesBill
2 years ago
Tried the exact samen scenario; interestingly enough User1 was not able to create any access requests - "Couldn't create privileged access request." (although it has a E5 subscription and Global Reader role) Please bear in mind that this question is about PAM, not PIM.
upvoted 1 times
...
Pointless
2 years, 1 month ago
N - If an approver is defined then Global/PIM admins can’t approve N - User cannot approver their own requests N - approver defined is user group1 and user 2 is in group2 so they can’t approve.
upvoted 4 times
...
JoeP1
2 years, 1 month ago
I don't think User1 can approve their own request, so the second statement should also be No. I only found a Microsoft Techcommunity answer confirming someone can't approve their own PAM request: https://techcommunity.microsoft.com/t5/microsoft-365/office365-privileged-access-approval-process-if-requester-is-in/m-p/282012
upvoted 3 times
...
tecnicosoffshoretech
2 years, 2 months ago
Just tested on my lab, and there is not anymore and opción to set Group 2 as a default approved for all the roles. If not approved group is selected for a particular rol, de global admin or PIM administrator can approve the active rol. If a group is selected (on the example group 1) this is the new approval group and global admin and PIM admin cant approve anymore (only see and cancel) https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow
upvoted 1 times
tecnicosoffshoretech
2 years, 2 months ago
After further testing, the default approval group for all the roles is in Microsoft 365 Admin - Org Settings - Security and privacy - Privileged access.
upvoted 1 times
tecnicosoffshoretech
2 years, 2 months ago
But the approval group for priviledged access to perform taks in Purwiew (compliance center) doenst have anything to see with PIM therefore the answers are good. ¨Privileged access management is defined and scoped at the task level, while Azure AD Privileged Identity Management applies protection at the role level¨ https://learn.microsoft.com/en-US/microsoft-365/compliance/privileged-access-management?WT.mc_id=365AdminCSH_inproduct&view=o365-worldwide
upvoted 1 times
...
...
...
rtis16
2 years, 2 months ago
Global admins can manage this by default. Am I missing something? https://learn.microsoft.com/en-us/microsoft-365/compliance/privileged-access-management?view=o365-worldwide#frequently-asked-questions
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago