Exam AZ-304 topic 2 question 57 discussion

Actual exam question from Microsoft's AZ-304
Question #: 57
Topic #: 2

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains several administrative user accounts.
You need to recommend a solution to identify which administrative user accounts have NOT signed in during the previous 30 days.
Which service should you include in the recommendation?

  • A. Azure AD Privileged Identity Management (PIM)
  • B. Azure AD Identity Protection
  • C. Azure Advisor
  • D. Azure Activity Log
Suggested Answer: A

Comments

AlanJP
Highly Voted 3 years, 10 months ago
Correct - PIM access review
upvoted 32 times
YWDB
3 years, 6 months ago
Tested correct.
upvoted 2 times
...
...
GetulioJr
Highly Voted 3 years, 10 months ago
That is not a hard question, the answer is D, Azure Activity Log. You just create a query. That's it.
upvoted 12 times
sapien45
2 years, 10 months ago
There is only one thing never hard in you
upvoted 3 times
...
Farid77
3 years, 9 months ago
The question is about accounts that have NOT signed in, so there will be no records in the log file. The provided answer PIM is then correct.
upvoted 5 times
tita_tovenaar
3 years, 9 months ago
Incorrect, @Getulio is right. The answer is a PowerShell script that runs on activity logs. PIM will tell you role creation dates etc. but it doesn't tell you who hasn't logged on for the last 30 days.
upvoted 2 times
cfsxtuv33
3 years, 9 months ago
Correct, or use a freeware called CJWDEV and run it against AD and find out last log on or if the user has EVER logged on.
upvoted 1 times
...
...
...
Ario
3 years, 7 months ago
Your answer isn't correct: the Activity log is a platform log in Azure while Privileged Identity Management (PIM) is a service. The question clearly asks about what service you recommend here! So PIM is the correct answer for this specific question.
upvoted 4 times
...
Richard_M
3 years, 1 month ago
Incorrect. You're suggesting to run a query to find what? And then, with no results, match to what? The request is for a Service that allows you to find accounts that haven't logged in in 30 days. Access Review in PIM allows for that, without having to go through extra steps to match against yet another list you need to query.
upvoted 1 times
One111
2 years, 8 months ago
Access Review is part of PAM, not PIM.
upvoted 1 times
...
...
...
hertino
Most Recent 3 years ago
In AZ-305 exam, 9 april 22
upvoted 4 times
...
kanweng
3 years, 1 month ago
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review after step 5 see the picture (Last sign in is more than 30 days ago).
upvoted 4 times
...
bacug
3 years, 3 months ago
Selected Answer: A
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-use-audit-log?tabs=new
upvoted 2 times
...
Carroyo826
3 years, 4 months ago
PIM ---> Privileged Identity Management
upvoted 1 times
...
examineezer
3 years, 4 months ago
It's PIM, but not access review. It's audit history. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/azure-pim-resource-rbac
upvoted 1 times
examineezer
3 years, 4 months ago
Sorry I've changed my mind (again). I can't see last sign-in in audit history either.
upvoted 1 times
examineezer
3 years, 4 months ago
Ok final answer - PIM access reviews.
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review
"The need for access to privileged Azure resource and Azure AD roles by employees changes over time. To reduce the risk associated with stale role assignments, you should regularly review access. You can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to create access reviews for privileged access to Azure resource and Azure AD roles."
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
"In the Enable review decision helpers section, choose whether you want your reviewer to receive recommendations during the review process. When enabled, users who have signed in during the previous 30-day period are recommended for approval. Users who haven't signed in during the past 30 days are recommended for denial."
upvoted 5 times
...
...
...
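The disagreement in the comments above (a log query versus an access review) comes down to where the comparison starts. The sketch below is an added example, not code from any commenter or from Microsoft, and it calls no Azure API: it models the decision-helper rule quoted above on constructed records to show why a query over sign-in records alone cannot list accounts that never appear in them. All account names, field layouts and function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=30)

# Constructed sample data, not real tenant output; names and fields are hypothetical.
NOW = datetime(2022, 1, 31, tzinfo=timezone.utc)
ADMINS = ["alice@contoso.com", "bob@contoso.com",
          "carol@contoso.com", "dave@contoso.com"]
SIGN_INS = [  # (user principal name, sign-in time)
    ("alice@contoso.com", "2022-01-28T09:15:00+00:00"),
    ("alice@contoso.com", "2021-12-02T08:00:00+00:00"),
    ("bob@contoso.com",   "2021-12-15T17:40:00+00:00"),  # older than 30 days
    ("Carol@Contoso.com", "2022-01-20T13:00:00+00:00"),  # same user, different case
    ("eve@contoso.com",   "2022-01-30T11:05:00+00:00"),  # signed in, but not an admin
]   # dave has never signed in, so no record mentions him


def log_only_query(events, now):
    """Query over the log alone: it can only list accounts that DID sign in."""
    cutoff = now - WINDOW
    return sorted({upn.lower() for upn, ts in events
                   if datetime.fromisoformat(ts) >= cutoff})


def last_sign_in(events):
    """Latest sign-in per account, keyed by lower-cased UPN."""
    latest = {}
    for upn, ts in events:
        when = datetime.fromisoformat(ts)
        key = upn.lower()
        if key not in latest or when > latest[key]:
            latest[key] = when
    return latest


def review_recommendations(admins, events, now):
    """Start from the role members and look each one up in the sign-in data."""
    cutoff = now - WINDOW
    latest = last_sign_in(events)
    recs = {}
    for upn in admins:
        seen = latest.get(upn.lower())  # None: never signed in
        recs[upn] = "approve" if seen is not None and seen >= cutoff else "deny"
    return recs


def inactive_admins(admins, events, now):
    recs = review_recommendations(admins, events, now)
    return sorted(upn for upn, rec in recs.items() if rec == "deny")
```

The log-only query returns alice, carol and eve; bob and dave surface only when the list of role members is the starting point.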
Dpejic
3 years, 4 months ago
In exam today 22-dec-2021
upvoted 3 times
...
Dpejic
3 years, 4 months ago
In exam today 22-dec-2021
upvoted 2 times
...
ivanmung
3 years, 4 months ago
To identify admin users who have not signed in during the past 30 days: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-perform-azure-ad-roles-and-resource-roles-review
upvoted 3 times
...
leo_az300
3 years, 6 months ago
I would vote for D. As the question specified, this is for administrative accounts, and PIM does NOT manage some classic administrator roles as below. You cannot manage the following classic subscription administrator roles in Privileged Identity Management: Account Administrator, Service Administrator, Co-Administrator.
upvoted 1 times
itenginerd
3 years, 1 month ago
Those are roles associated with Azure Classic infrastructure. If you're still having to manage those, you have more problems than which admins haven't signed on in the last 90 days...
upvoted 1 times
...
...
syu31svc
3 years, 7 months ago
Answer is A PIM for access review
upvoted 1 times
...
poplovic
3 years, 7 months ago
Again, this is a question regarding "you need to recommend", not "meet the goal". For the recommendation question, it is asking for the best practice. There might be multiple possible approaches. We need to choose the best one. PIM access review is designed for this purpose. It is better than writing some code by querying the activity log. That is why it requires P2 license. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review
upvoted 4 times
...
Gautam1985
3 years, 8 months ago
correct
upvoted 1 times
...
Tripp_F
3 years, 9 months ago
PIM is correct. From 301 discussion: "You can use the Privileged Identity Management (PIM) audit history to see all role assignments and activations within the past 30 days for all privileged roles. If you want to see the full audit history of activity in your Azure Active Directory (Azure AD) organization, including administrator, end user, and synchronization activity, you can use the Azure Active Directory security and activity reports."
upvoted 6 times
BrettusMaximus
3 years, 9 months ago
Yes, but it won't give you a list of users who have not signed in.
upvoted 3 times
dennnnnnnnnn
3 years, 9 months ago
You are right, it won't generate a list of "not signed in for past 30 days". However, the question is "recommend a solution to identify". So, you can use PIM to identify that the admin XXX is not on the list of past 30 days sign-in history. All in all, the question did highlight 30 days, which matched with the PIM audit history duration.
upvoted 2 times
...
...
examineezer
3 years, 4 months ago
"to see all role assignments and activations".... this is NOT sign-ins!
upvoted 1 times
...
...
vitol
3 years, 10 months ago
Access Review provides details only about those accounts that have access to a specific role with some sort of criteria. The correct answer to me is "Activity logs", even though the best answer could be "sign-in logs".
upvoted 5 times
...