Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Microsoft Discussions

Exam AZ-500 topic 2 question 27 discussion

Actual exam question from Microsoft's AZ-500
Question #: 27
Topic #: 2
[All AZ-500 Questions]

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit.

From PIM, you assign the Security Administrator role to the following groups:
✑ Group1: Active assignment type, permanently assigned
✑ Group2: Eligible assignment type, permanently eligible
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No -
User1 is a member of Group1. Group1: Active assignment type, permanently assigned

Box 2: Yes -
Active Type: A role assignment that doesn't require a user to perform any action to use the role. Users assigned as active have the privileges assigned to the role

Box 3: No -
User3 is member of Group1 and Group2.
Group1: Active assignment type, permanently assigned
Group2: Eligible assignment type, permanently eligible
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure https://docs.microsoft.com/bs-cyrl-ba/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings
by [deleted] at March 11, 2021, 2:55 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 2 years, 9 months ago
I think answer should be: No - this user already has the role assigned and 5 hours is how long the role can be assigned for when an eligible user activates it. Yes - but not for the reason stated, user 2 is eligible and there are no items required for approval so it will be automatic and assigned for 5 hours No - this user is already active in the role and will be for 1 month
upvoted 86 times
BalderkVeit
2 years, 6 months ago
User 3 canNOT activate role. he has it permanently active and if you'll try to activate already active role, you'll get error. So IT's a No.
upvoted 9 times
...
Startkabels
2 years, 8 months ago
5 hours is is not the expiration time, it is the activation time. The permissions for user2 will not be assigned for 5 hours but for for 3 months User 3 can active the role since he is a member of both the group for eligable assignment as for active assignment. Nowhere it states that the user already has the role.
upvoted 5 times
Startkabels
2 years, 8 months ago
Correction, what I said is incorrection: 5 hours is actually the expiration time after activation and the 3 months is the expiration for activating
upvoted 6 times
...
...
...
Pinto
Highly Voted 2 years, 9 months ago
Box1: No. User1 can activate the role in 5 hours does not make sense. The role is already active. Box2: Yes. User2 can activate the role and no approval is needed. Will have to just fill in the reason box. Box3: No. User2 is part of group1 and the role is already active. No activation required.
upvoted 28 times
cfsxtuv33
1 year, 10 months ago
Box 3 is "user 3" and they are a part of group 1 AND group 2...but since he is part of group 1 then he is already "active" and does not need to be assigned.
upvoted 2 times
...
...
bob_sez
Most Recent 2 weeks, 3 days ago
The permanent eligible is enabled so the 3 months and 1 month in the boxes below will have no affect to the permanent eligibility. Permanent means permanent.
upvoted 2 times
...
ArchitectX
2 months, 3 weeks ago
it should be N N Y
upvoted 1 times
...
massnonn
5 months, 4 weeks ago
N-N-Y Because Group2: Eligible assignment type, permanently eligible
upvoted 1 times
baye
4 days, 11 hours ago
The Required Approuval to Activate is disabled
upvoted 1 times
...
...
majstor86
9 months, 1 week ago
No Yes No
upvoted 4 times
...
ltjones12
11 months, 1 week ago
Answers are correct
upvoted 1 times
...
F117A_Stealth
1 year, 1 month ago
No - this user already has the role assigned and 5 hours is how long the role can be assigned for when an eligible user activates it. Yes - but not for the reason stated, user 2 is eligible and there are no items required for approval so it will be automatic and assigned for 5 hours No - this user is already active in the role and will be for 1 month
upvoted 1 times
...
Muaamar_Alsayyad
1 year, 1 month ago
Just test it on the lab, user 3 can't activate the role, it gives an error saying " the rule arledy active" Even though, the same role shows under active and eligible
upvoted 2 times
...
Doc_Pep
1 year, 4 months ago
IN 5 hours (as stated) or FOR 5 hours... If the question worded as is here on test (which I think is a mistake) then NO if it says FOR 5 hours, then yes...
upvoted 3 times
...
Ivanvazovv
1 year, 4 months ago
Answers are NYN, but User2 doesn't need to provide justification at all. Justification is required for the admin that assigns the roles to explain why he assigns them.
upvoted 1 times
...
WhalerTom
1 year, 11 months ago
In exam Dec 21. 40 questions, 1 case study, no labs.
upvoted 2 times
...
Incredible99
1 year, 11 months ago
In 12/18/21 exams
upvoted 4 times
...
zioggs
2 years, 1 month ago
Exam - 4/11/21
upvoted 3 times
...
SecurityAnalyst
2 years, 3 months ago
# IN EXAM - 31/8/2021
upvoted 1 times
...
Socgen1
2 years, 3 months ago
In exam on 31/08/2021
upvoted 1 times
...
vaaws
2 years, 4 months ago
NYN If you selective permanently active then you cannot chose expire https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-configure-role-settings you can choose one of these active assignment duration options: ASSIGNMENT DURATION Description Allow permanent active assignment Resource administrators can assign permanent active assignment. Expire active assignment after Resource administrators can require that all active assignments have a specified start and end date.
upvoted 4 times
vaaws
2 years, 4 months ago
typo error correction If you select permanently active then you cannot chose expire
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel