Exam AZ-301 topic 2 question 45 discussion

Actual exam question from Microsoft's AZ-301
Question #: 45
Topic #: 2

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains a group named Group1. Group1 contains all the administrative user accounts.
You discover several login attempts to the Azure portal from countries where administrative users do NOT work.
You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA).
Solution: Implement Azure AD Privileged Identity Management.
Does this solution meet the goal?

  • A. Yes
  • B. No
Suggested Answer: A

Comments

xmat
Highly Voted 5 years, 9 months ago
I don't think that's correct, https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure#what-does-it-do In this case you'd need an identity protection combined with conditional access rule, https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
upvoted 23 times
Rajuuu
5 years, 3 months ago
PIM:- Enforce multi-factor authentication to activate any role. As per the link provided by you .. A could still be correct.
upvoted 5 times
tartar
4 years, 10 months ago
A is ok
upvoted 2 times
...
...
vrana
5 years, 2 months ago
I agree. Since it says MFA is needed when users log in from those countries, I guess it leads to conditional access, which is part of Identity Protection. Hence A looks correct to me too. PIM enables just in time and you can not fine control it.
upvoted 1 times
...
NKnab
5 years, 1 month ago
no. pim is for just in time access
upvoted 1 times
...
...
Karls
Highly Voted 5 years, 8 months ago
B is correct. Azure AD Privileged Identity Management provides time-based and approval-based ROLE. You choose a role from the subscription and add users/groups that we want to give more access during a period of time. You can't require MFA with this tool. To achieve MFA from countries, we need to configure a risk with Identity Protection and a Conditional Access rule.
upvoted 23 times
...
us3r
Most Recent 3 years, 6 months ago
Selected Answer: B
no conditional access required
upvoted 1 times
...
kiwi123
4 years, 1 month ago
No as good as is conditional access but can meet the request
upvoted 1 times
kiwi123
4 years, 1 month ago
Not* A is okay
upvoted 1 times
...
...
ffffffffdeeeeeeeeeeee
4 years, 2 months ago
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure What does it do? Enforce multi-factor authentication to activate any role
upvoted 1 times
...
sallymaher
4 years, 4 months ago
PIM is ok as long as the question didn't say "ONLY" those countries. PIM will force 2FA from these countries and others, so it meets the requirements.
upvoted 1 times
...
namco23
4 years, 4 months ago
Ignore A Tested
upvoted 1 times
...
glam
4 years, 6 months ago
B. No.
upvoted 3 times
glam
4 years, 5 months ago
A. Yes Ignore B
upvoted 1 times
...
...
sanketshah
4 years, 7 months ago
A is correct answer
upvoted 1 times
...
petermogaka91
4 years, 10 months ago
"You need to ensure that all login attempts to the Azure portal from those countries require Azure Multi-Factor Authentication (MFA)" You can only activate your PIM after logging in to the portal, unless I'm wrong. Hence the answer should be no.
upvoted 2 times
...
Wildsheep
4 years, 11 months ago
Wouldn't you need a Sign-In risk policy for this?
upvoted 3 times
...
Gianlucag77
4 years, 11 months ago
The answer is NO for me. The solution is Conditional Access + MFA (requires Premium P1): https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa
upvoted 4 times
...
Abim
4 years, 11 months ago
The answer is B. This would be a function of identity protection with conditional access. Privileged Identity Management is: Here are some of the key features of Privileged Identity Management:
  • Provide just-in-time privileged access to Azure AD and Azure resources
  • Assign time-bound access to resources using start and end dates
  • Require approval to activate privileged roles
  • Enforce multi-factor authentication to activate any role
  • Use justification to understand why users activate
  • Get notifications when privileged roles are activated
  • Conduct access reviews to ensure users still need roles
  • Download audit history for internal or external audit
upvoted 1 times
...
Anvip2016
5 years ago
Answer should be No, you can use Identity protection (sign-in policy) with conditional access policy. Azure AD Identity Protection detects a range of suspicious actions/risk events, and few are below- Sign-ins from anonymous IP addresses or Impossible travel to atypical locations*
upvoted 2 times
...
gboyega
5 years ago
Answer is Definitely B NO
upvoted 3 times
...
Neetiniti
5 years ago
Correct Answer: A. Enforce multi-factor authentication to activate any role. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
upvoted 1 times
Yannor
5 years ago
The question asks you to configure MFA for the connections from those countries, not for everything.
upvoted 3 times
...
...
DeveshSolanki
5 years, 1 month ago
No is answer
upvoted 3 times
...