ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 74 discussion

Actual exam question from Microsoft's MS-500
Question #: 74
Topic #: 1
[All MS-500 Questions]

HOTSPOT -
You have a Microsoft 365 tenant.
A conditional access policy is configured for the tenant as shown in the Policy exhibit. (Click the Policy tab.)

The User Administrator role is configured as shown in the Role setting exhibit. (Click the Role setting tab.)

The User Administrator role has the assignments shown in the Assignments exhibit. (Click the Assignments tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Yes -
In this scenario the User Administrator role is require justification on active assignment.

Require justification -
You can require that users enter a business justification when they activate. To require justification, check the Require justification on active assignment box or the
Require justification on activation box.

Box 2: Yes -
Activation maximum duration is 8 hours.

Box 3: Yes -
Require multifactor authentication
Privileged Identity Management provides enforcement of Azure AD Multi-Factor Authentication on activation and on active assignment.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings
by billo79152718 at Sept. 15, 2022, 12:08 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ariania
Highly Voted 2 years, 8 months ago
I notice one small diffrence this time around, it should be Y Y Y As i first stated, this due to the "assignment" field, second from bottom: "require MFA on Activation of the role". I cant edit or remove previously reply. sorry!
upvoted 7 times
...
ColmTheMeanie
Most Recent 2 years, 4 months ago
User may not be prompted for multi-factor authentication if they authenticated with strong credential or provided multi-factor authentication earlier in this session.
upvoted 3 times
...
ChachaChatra
2 years, 5 months ago
Valid on28/01/23
upvoted 4 times
...
IT_Nerd31
2 years, 5 months ago
The answer is YYN, Just tested in my environment. It is NOT YYY.
upvoted 4 times
...
ariania
2 years, 8 months ago
I would belive Y Y Y But when i tested it in my lab, i was only prompted for MFA once in this chain - the only diffrence was i did not have an "All User MFA CA" active, only MFA via M365 admin center on the specific user. Can anyone confirm?
upvoted 1 times
ariania
2 years, 8 months ago
Ive done extensive testing, in lab it comes out as: Y Y N - Its already satisfied from logging in to Azure Portal (all users - all app CA)
upvoted 12 times
ariania
2 years, 8 months ago
This is correct, after talking to Microsoft representative: So you will not get promoted twice as you just got promted when logging in to Azure Portal (all users/all apps). "you only get prompted per session and not activation."
upvoted 3 times
...
...
...
billo79152718
2 years, 9 months ago
No - Role is already activated. Yes - Correct! No - Role is already activated
upvoted 4 times
xyz213
2 years, 9 months ago
Careful. User Assignments is under "Eligible Assignments" so these Users are permantly allowed to activate the role. Role is not permanently active for them (Would be under "Active Assignments") So Y/Y/Y is correct.
upvoted 14 times
Daniel830
2 years, 9 months ago
That's right. Thank you for clarifying it, I had the same doubt.c
upvoted 2 times
...
...
yoton
2 years, 5 months ago
really bro
upvoted 1 times
...
Snoopy70
2 years, 7 months ago
I agree here. All these roles are activated. The view is not from the end user with the admin role.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel