Exam AZ-304 All Questions

View all questions & answers for the AZ-304 exam

Exam AZ-304 topic 2 question 41 discussion

Actual exam question from Microsoft's AZ-304

Question #: 41
Topic #: 2

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.
You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:
✑ The evaluation must be repeated automatically every three months.
✑ Every member must be able to report whether they need to be in Group1.
✑ Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
✑ Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.
What should you include in the recommendation?

A. Change the Membership type of Group1 to Dynamic User.
B. Implement Azure AD Privileged Identity Management.
C. Implement Azure AD Identity Protection.
D. Create an access review.

Show Suggested Answer

Suggested Answer: D 🗳️

by rithvik at March 11, 2021, 5:51 p.m.

Comments

Submit Cancel

rithvik

Highly Voted 4 years, 5 months ago

Create access review should be the option

upvoted 126 times

...

glam

Highly Voted 4 years, 5 months ago

D. Create an access review.

upvoted 26 times

...

tim_27_us

Most Recent 2 years, 9 months ago

Yes D.

upvoted 1 times

...

One111

2 years, 11 months ago

Selected Answer: D

Only Access Review allows to automate process every 3 month and automatically managed group members.

upvoted 1 times

...

AubinBakana

3 years ago

Selected Answer: A

Keyword here is automatically & periodically. In the case of Access Review, a manager or an admin has to do the review after a request or the conditions have been met.

upvoted 1 times

...

NunoVarelaa

3 years, 1 month ago

Selected Answer: D

D for sure

upvoted 1 times

...

Sudhaker

3 years, 1 month ago

Selected Answer: D

Access Reviews

upvoted 1 times

...

Ashin

3 years, 5 months ago

The answer should be Dynamic User . Reasons : The question is specifically asking to automate the adding and removing of the user . In the official documentation of Access Review it is explicitly mentioned that the Access reviews should only be used if automation is not possible. We can also create rules for Dynamic Group also. The users will be added/removed based on the rules that are satisfied. https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership

upvoted 2 times

JayBee65

3 years, 1 month ago

And " Every member must be able to report whether they need to be in Group1." so a property cannot be used to auto add or remove users. They must decide themselves.

upvoted 1 times

...

VijayRaja2000

3 years, 2 months ago

I think that here the key is "The evaluation must be repeated automatically every three months". Dynamic users removes the members of the group when there is any change in the attributes of that users that we configure in the rule. This cannot be scheduled to be executed every three months.

upvoted 2 times

...