ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 6 discussion

Actual exam question from Microsoft's SC-300
Question #: 6
Topic #: 4
[All SC-300 Questions]

Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when required.
What should you configure for the Security administrator role assignment?

  • A. Expire eligible assignments after from the Role settings details
  • B. Expire active assignments after from the Role settings details
  • C. Assignment type to Active
  • D. Assignment type to Eligible
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Beitran at May 11, 2021, 11:59 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Beitran
Highly Voted 3 years, 1 month ago
Correct
upvoted 16 times
...
007Ali
Highly Voted 2 years, 5 months ago
I think the best way to read this question is "What should you configure FIRST for the Security administrator role assignment?" You would setup "D. Assignment type to Eligible" so the admins can request the role in future, for a limited time based on the Role Setting of "Activation maximum duration (hours): 8 (by default)" Only then would you set "B. Expire active assignments after from the Role settings details" So D is the correct answer.
upvoted 16 times
...
Obi_Wan_Jacoby
Most Recent 1 month, 2 weeks ago
Selected Answer: D
Answer D: Assignment type to Eligible
upvoted 1 times
...
YesPlease
3 months ago
Selected Answer: D
Answer d) Assignment type to ELIGIBLE A role assignment that requires a user to perform one or more actions to use the role. If a user is eligible for a role, they can activate the role when they need to perform privileged tasks. There's no difference in the access given to someone with a permanent versus an eligible role assignment. The only difference is that some people don't need that access all the time. https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure#terminology:~:text=Description-,eligible,-Type
upvoted 1 times
...
Jzx
9 months ago
Selected Answer: D
D. Assignment type to Eligible: When you set the assignment type to "Eligible," it means that users will not have permanent access to the role but will be eligible for it. They will need to activate the role when required, and it won't be active by default. This approach allows you to enforce just-in-time access, meaning that users will only have access to the Security administrator role when they request and activate it through PIM. Once their role activation period ends, they will lose access to the role automatically.
upvoted 3 times
...
EmnCours
10 months, 3 weeks ago
Selected Answer: D
Correct Answer: D
upvoted 2 times
...
OK2020
11 months, 1 week ago
Selected Answer: B
I would say B for teh below reason Eligible means teh user needs to take action to activate the role but it may then be permanent and won't expire. This doesn't comply with the ask "when required". Hence time bound should be applied on "Active" roles to disable access after completing the task and right until it's required again for the user to request another activation
upvoted 1 times
...
dule27
11 months, 2 weeks ago
Selected Answer: D
D. Assignment type to Eligible
upvoted 2 times
...
IS_PT_ISO
11 months, 2 weeks ago
Selected Answer: D
D is the correct answer
upvoted 2 times
...
existingname
1 year, 9 months ago
D is correct. in the exam today
upvoted 3 times
...
Yelad
2 years, 2 months ago
On the exam - March 28, 2022
upvoted 1 times
...
Jun143
2 years, 2 months ago
just pass the exam today. This came in the question.
upvoted 1 times
...
TonytheTiger
2 years, 3 months ago
On the exam today - March 4, 2022
upvoted 2 times
...
Pravda
2 years, 4 months ago
On the exam 1/20/2022
upvoted 1 times
...
Hacker00
2 years, 5 months ago
Correct
upvoted 2 times
...
BaderJ
2 years, 8 months ago
Passed the exam today 23/09/2021 This question came in the exam.
upvoted 3 times
...
melatocaroca
2 years, 11 months ago
eligible A role assignment that requires a user to perform one or more actions to use the role. If a user has been made eligible for a role, that means they can activate the role when they need to perform privileged tasks. There is no difference in the access given to someone with a permanent versus an eligible role assignment. The only difference is that some people do not need that access all the time. Eligible role user permissions • Request activation of a role that requires approval • View the status of your request to activate • Complete your task in Azure AD if activation was approve
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel