To evaluate and remediate the risks associated with highly privileged accounts across multiple Azure subscriptions linked to a single Microsoft Entra tenant, you should use Privileged Identity Management (PIM) (Option B).
Microsoft Entra PIM provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about. It helps you manage, control, and monitor access within your organization, which includes access to Azure resources and other Microsoft services.
Please note that while Microsoft Entra Permissions Management can provide visibility into permissions across multicloud infrastructures, it doesn’t specifically target the management of highly privileged accounts. Global Secure Access and Microsoft Entra Verified ID do not provide the specific capabilities required for this scenario.
Answer: B. I was torn between B and C. Lots of back and forth between a couple of different AIs turned up the below.
PIM's direct focus on the lifecycle management of privileged roles within the Microsoft Entra tenant and its linked subscriptions, along with its built-in workflows and centralized control, likely leads to a solution that minimizes administrative effort more effectively for this specific requirement.
Therefore, while Permissions Management excels at evaluating risk, Privileged Identity Management (PIM) (Option B) likely better addresses the requirement to minimize administrative effort while still providing significant capabilities for evaluating (through visibility of assignments) and remediating (through control) risks associated with highly privileged accounts within the specified Microsoft Entra tenant and its linked Azure subscriptions.
To evaluate and remediate the risks associated with highly privileged accounts while minimizing administrative effort, you should use Microsoft Entra Permissions Management. This tool provides a comprehensive solution for managing permissions and roles across multiple cloud environments, including Azure
You can basically evaluate and remediate the risk by using both PIM and Permission Management, but I think they were aiming for Permission Management, as "minimizing administrative effort" was mentioned.
I think it's got to be C. In the description: "Discover: Customers can assess permission risks by evaluating the gap between permissions granted and permissions used." "Remediate: Customers can right-size permissions based on usage, grant new permissions on-demand, and automate just-in-time access for cloud resources." https://learn.microsoft.com/en-us/entra/permissions-management/overview. I don't see how PIM does anything to "evaluate" risk.
It doesn't matter if it's multi-cloud or not; Entra Permissions Management can be used for Azure only without onboarding AWS or GCP.
The answer is C as it provides this centralized location where we can easily check and fix the issues with permissions that have higher privileges.
Could make a case for PIM, but I think Microsoft wants to hear Permission Management.
The only thing that may not make it Permission Management is that it doesn't say multi-cloud.
Steingalen (Highly Voted, 1 year, 5 months ago)
Sneekygeek (Highly Voted, 1 year, 6 months ago)
Obi_Wan_Jacoby (Most Recent, 3 months ago)
YesPlease (5 months ago)
Frank9020 (6 months, 3 weeks ago)
rvln7 (5 months, 2 weeks ago)
Nail (9 months, 2 weeks ago)
aocferreira (9 months, 3 weeks ago)
Sc300ExamDemo (1 year, 2 months ago)
medi1520 (1 year, 4 months ago)
Ody (1 year, 5 months ago)