ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam
Go to Exam

Exam AZ-304 topic 2 question 41 discussion

Actual exam question from Microsoft's AZ-304
Question #: 41
Topic #: 2
[All AZ-304 Questions]

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.
You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:
✑ The evaluation must be repeated automatically every three months.
✑ Every member must be able to report whether they need to be in Group1.
✑ Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
✑ Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.
What should you include in the recommendation?

  • A. Change the Membership type of Group1 to Dynamic User.
  • B. Implement Azure AD Privileged Identity Management.
  • C. Implement Azure AD Identity Protection.
  • D. Create an access review.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by rithvik at March 11, 2021, 5:51 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rithvik
Highly Voted 4 years, 1 month ago
Create access review should be the option
upvoted 126 times
...
glam
Highly Voted 4 years, 1 month ago
D. Create an access review.
upvoted 26 times
...
tim_27_us
Most Recent 2 years, 6 months ago
Yes D.
upvoted 1 times
...
One111
2 years, 8 months ago
Selected Answer: D
Only Access Review allows to automate process every 3 month and automatically managed group members.
upvoted 1 times
...
AubinBakana
2 years, 8 months ago
Selected Answer: A
Keyword here is automatically & periodically. In the case of Access Review, a manager or an admin has to do the review after a request or the conditions have been met.
upvoted 1 times
...
NunoVarelaa
2 years, 9 months ago
Selected Answer: D
D for sure
upvoted 1 times
...
Sudhaker
2 years, 9 months ago
Selected Answer: D
Access Reviews
upvoted 1 times
...
Ashin
3 years, 1 month ago
The answer should be Dynamic User . Reasons : The question is specifically asking to automate the adding and removing of the user . In the official documentation of Access Review it is explicitly mentioned that the Access reviews should only be used if automation is not possible. We can also create rules for Dynamic Group also. The users will be added/removed based on the rules that are satisfied. https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership
upvoted 2 times
JayBee65
2 years, 10 months ago
And " Every member must be able to report whether they need to be in Group1." so a property cannot be used to auto add or remove users. They must decide themselves.
upvoted 1 times
...
VijayRaja2000
2 years, 10 months ago
I think that here the key is "The evaluation must be repeated automatically every three months". Dynamic users removes the members of the group when there is any change in the attributes of that users that we configure in the rule. This cannot be scheduled to be executed every three months.
upvoted 2 times
...
...
plmmsg
3 years, 1 month ago
Selected Answer: D
Create an access review.
upvoted 1 times
...
Dawn7
3 years, 1 month ago
Selected Answer: D
D is correct.
upvoted 2 times
...
Billabongs
3 years, 2 months ago
Access Review is the answer
upvoted 2 times
...
Xia_Li
3 years, 3 months ago
Selected Answer: D
Create Access Review
upvoted 1 times
...
Nokaido
3 years, 3 months ago
Selected Answer: D
Create access review
upvoted 1 times
...
Suhasrs
3 years, 3 months ago
Selected Answer: D
Only in Access Review can you automate the checks
upvoted 1 times
...
china5000
3 years, 4 months ago
D. Create an access review
upvoted 1 times
china5000
3 years, 4 months ago
One more thing: How users report back if they need to be in Group1 or not? This option is only available in Access Review.
upvoted 3 times
...
...
Carroyo826
3 years, 4 months ago
Create Access Review correct answer
upvoted 1 times
...
sakshi250291
3 years, 4 months ago
Selected Answer: D
D -Access Reviews
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago