Exam MS-500 topic 1 question 59 discussion

Actual exam question from Microsoft's MS-500
Question #: 59
Topic #: 1

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You configure the Security Operator role in Azure AD Privileged Identity Management (PIM) as shown in the following exhibit.

You add assignments to the Security Operator role as shown in the following table.

Which users can activate the Security Operator role?

  • A. User2 only
  • B. User3 only
  • C. User1 and User2 only
  • D. User2 and User3 only
  • E. User1, User2, and User3
Suggested Answer: C

Comments

xyz213
Highly Voted 2 years, 9 months ago
For me it is C "User1 and User2 only": https://docs.microsoft.com/en-us/answers/questions/529070/user-mfa-is-disabled-however-pim-activation-is-ask.html "PIM takes precedence and will override any other MFA settings" User3 cannot explicitly activate the role.
upvoted 15 times
BoxGhost
2 years, 6 months ago
I agree, but for a different reason. It states it will require the user to use 'Azure MFA'. The fact that MFA is disabled for the user is irrelevant since you don't enable Azure MFA using the legacy portal anyway; it's enforced by conditional access or other conditions such as this.
upvoted 1 times
doody
2 years, 6 months ago
I tested it and the answer is User 1 and User 2
upvoted 1 times
tibodenbeer
2 years, 6 months ago
PIM takes precedence over MFA. I tested this in my trial tenant as well. I was able to activate the role for a user where MFA was disabled, but I had to go through the MFA process to get the role enabled. Conclusion: Answer = C
upvoted 1 times
Citmerian
2 years ago
PIM takes precedence over MFA. OK. Eligible vs active: https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
upvoted 1 times
Citmerian
2 years ago
C. It's OK
upvoted 1 times
KrisyMay
Most Recent 2 years, 3 months ago
Selected Answer: D
The question says users and also makes mention of MFA, User 2 and 3 have MFA enabled and can therefore assign the role. User 1 can not assign role
upvoted 3 times
examdj101j
2 years, 2 months ago
This is correct by the way Microsoft books and reference guides state it. However, it may not work in the environment based on many variables. D is the correct answer by MeasureUp prep, as I use their services also.
upvoted 1 times
kimble3k
2 years, 5 months ago
Selected Answer: C
Because:
1. Active assignments don't require the member to activate the role before usage. Members assigned as active have the privileges assigned ready to use. This type of assignment is also available to customers that don't use Azure AD PIM.
2. https://learn.microsoft.com/en-us/answers/questions/529070/user-mfa-is-disabled-however-pim-activation-is-ask.html
upvoted 4 times
examdog
2 years, 6 months ago
Selected Answer: C
Active assignments don't require the member to activate the role before usage. https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-assign-roles
upvoted 2 times
tibodenbeer
2 years, 6 months ago
Selected Answer: C
PIM takes precedence over MFA (https://learn.microsoft.com/en-us/answers/questions/529070/user-mfa-is-disabled-however-pim-activation-is-ask.html). I tested this in my trial tenant as well. I was able to activate the role for a user where MFA was disabled, but I had to go through the MFA process to get the role activated. Conclusion: Answer = C
upvoted 2 times
skycrap
2 years, 6 months ago
Selected Answer: C
I go also for C: see comment of xyz213
upvoted 1 times
zied01
2 years, 6 months ago
The answer is correct. User 1 doesn't have MFA, and it is required to activate the role, as mentioned in the capture. Also, the role will be activated only for 3 hours; after this period the user will be challenged to demand the role.
upvoted 1 times
Wedge34
2 years, 7 months ago
Selected Answer: C
Answer is C "User1 and User2 only"
upvoted 1 times
Wedge34
2 years, 7 months ago
Selected Answer: C
For me it is C "User1 and User2 only"
upvoted 1 times
Trainee2244
2 years, 9 months ago
The question is a little bit confusing to me. I did the scenario myself and only User1 needs to MFA. User2 can activate the role without MFA and User3 can't activate the role because he's Active.
upvoted 1 times
xyz213
2 years, 9 months ago
See my comment. I hope I am right with this and can clear this up. User1 can activate with MFA. User2 can activate (most likely without MFA because of "MFA caching"; https://www.microsoftpartnercommunity.com/t5/Multi-Factor-Authentication-MFA/PIM-Role-Activation-amp-MFA-Enforcement/m-p/38009). User3 can't activate the role because he's Active.
upvoted 1 times
Trainee2244
2 years, 9 months ago
I think User1 and User2 only, because User3 is already activated, obviously, and User1 will be MFA registered after he requests the role to authenticate. This is a separate process from the settings in the MFA per-user option.
upvoted 4 times
pete26
2 years, 9 months ago
Selected Answer: D
User2 and User3. User3 may be already active, but the question asks which users can activate a role.
upvoted 2 times
MaartenC
2 years, 9 months ago
Well, since User3 has the role permanently active, this user is not able to activate it himself. So isn't User2 only the better answer?
upvoted 8 times
Mikeee10
2 years, 9 months ago
User 3 is already Active so doesn't need to activate the role. They would simply have the permissions without the need for activation. This would suggest User2 only but looking to see what anyone else thinks.
upvoted 3 times
MaartenC
2 years, 9 months ago
User3 cannot explicitly activate the role, so I'm leaning towards User2 only as the answer. The question is simply not precise enough, which is a pity, as usual.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted