ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 2 question 6 discussion

Actual exam question from Microsoft's AZ-304
Question #: 6
Topic #: 2
[All AZ-304 Questions]

You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam,
Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the
Microsoft 365 E5 plan.
You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements:
✑ To the manager of the developers, send a monthly email message that lists the access permissions to Application1.
✑ If the manager does not verify an access permission, automatically revoke that permission.
✑ Minimize development effort.
What should you recommend?

  • A. Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet.
  • B. Create an Azure Automation runbook that runs the Get-AzRoleAssignment cmdlet.
  • C. In Azure Active Directory (Azure AD), create an access review of Application1.
  • D. In Azure Active Directory (AD) Privileged Identity Management, create a custom role assignment for the Application1 resources.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Tombarc at Aug. 29, 2020, 11:15 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Tombarc
Highly Voted 4 years, 9 months ago
The correct answer is C. The answer D leads you to believe it's correct as the access view and assignment are created using Privileged Access Management (PIM), but in the last part, it mentions role assignment, which doesn't make any sense.
upvoted 44 times
...
Alexevansigg
Highly Voted 4 years, 8 months ago
Correct. Heres the Documentation on Access reviews: https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-user-access-with-access-reviews
upvoted 16 times
ReginaldoBarreto
4 years, 1 month ago
This link have a excellent documentation. tks
upvoted 4 times
...
...
plmmsg
Most Recent 3 years, 3 months ago
Selected Answer: C
C. In Azure Active Directory (Azure AD), create an access review of Application1.
upvoted 1 times
...
us3r
3 years, 4 months ago
Selected Answer: C
access review
upvoted 1 times
...
NebulousNeo
3 years, 5 months ago
Selected Answer: C
Correct Answer
upvoted 2 times
...
leo_az300
3 years, 8 months ago
Office 365 E5 in question gave hint that users have Azure AD premium P2 license. Office 365 subscriptions include the Free edition, but Office 365 E1, E3, E5, F1 and F3 subscriptions also include the features listed under the Office 365 apps column. With P2 license, you can set up Access Review, C is correct
upvoted 3 times
...
syu31svc
3 years, 8 months ago
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed on a regular basis to make sure only the right people have continued access. Have reviews recur periodically: You can set up recurring access reviews of users at set frequencies such as weekly, monthly, quarterly or annually, and the reviewers will be notified at the start of each review. Reviewers can approve or deny access with a friendly interface and with the help of smart recommendations. Answer is C
upvoted 2 times
...
tvs2021
3 years, 11 months ago
this question is appeared in my exam today. i cleared 304 exam.
upvoted 6 times
...
Rume
4 years ago
came in exam today 6 June... selected "C - Access Review"
upvoted 7 times
...
demonite
4 years ago
For anyone wondering how the changes are auto applied https://docs.microsoft.com/en-us/azure/active-directory/governance/complete-access-review#apply-the-changes
upvoted 2 times
...
neil1985_jy
4 years, 2 months ago
Clarification - "With Azure Active Directory (Azure AD), you can easily ensure that users have appropriate access. You can ask the users themselves or a decision maker to participate in an access review and recertify (or attest) to users' access. The reviewers can give their input on each user's need for continued access based on suggestions from Azure AD. When an access review is finished, you can then make changes and remove access from users who no longer need it"
upvoted 1 times
...
Jinder
4 years, 4 months ago
In today's exam.
upvoted 2 times
suryareddy
4 years, 4 months ago
Jinder, what did you answer :-). Pl share
upvoted 2 times
PravinDhote
4 years, 2 months ago
Whatever he answered, no one can cross validate whether its correct or wrong ;D
upvoted 5 times
timurlan
4 years, 1 month ago
He wants to know which answer is incorrect )
upvoted 1 times
...
...
...
...
FK2974
4 years, 4 months ago
Yes C is correct!!
upvoted 3 times
...
glam
4 years, 4 months ago
C. In Azure Active Directory (Azure AD), create an access review of Application1.
upvoted 3 times
...
milind8451
4 years, 4 months ago
Right ans
upvoted 2 times
...
Blaaa
4 years, 5 months ago
Correct answers
upvoted 3 times
...
bbartek
4 years, 5 months ago
At first I was thinking it's a tricky one, because of the specified license, but according to MS Identity Governance is supported in this scenario: Enterprise Mobility + Security E5/A5, Microsoft 365 E5/A5, Microsoft 365 E5/A5 Security, and Azure Active Directory Premium Plan 2 provide the rights for a user to benefit from Azure Active Directory Identity Governance. So answer C is correct.
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel