ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 4 question 90 discussion

Actual exam question from Microsoft's MS-500
Question #: 90
Topic #: 4
[All MS-500 Questions]

HOTSPOT -
You have a Microsoft 365 E5 subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains three groups named Group1, Group2, and Group3 and the users shown in the following table.

You create a new access package as shown in the following exhibit.

You assign Package1 on June 1, 2021, by using die following configurations:
✑ Select users: User1, User2, User3
✑ Select policy: Initial policy
✑ Assignment starts: June 1, 2021
✑ Assignment ends: July 1, 2021
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Yes -

Box 2: No -
Lifecycle, Access package assignments expires: After 10 days

Box 3: Yes -
The access package resource roles includes: Group3 Member
Note: Entitlement management introduces to Azure AD the concept of an access package. An access package is a bundle of all the resources with the access a user needs to work on a project or perform their task. Access packages are used to govern access for your internal employees, and also users outside your organization.
Here are the types of resources you can manage user's access to, with entitlement management:
Membership of Azure AD security groups
Membership of Microsoft 365 Groups and Teams
Assignment to Azure AD enterprise applications, including SaaS applications and custom-integrated applications that support federation/single sign-on and/or provisioning
Membership of SharePoint Online sites
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview
by billo79152718 at Sept. 16, 2022, 8:48 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Wigoth
2 years ago
For me: N User1 is not in grp2- Y the Assignment ends overlap the expire - N at least User1 is not in GRP3 Over all: To directly assign users, the access package must have a policy that allows administrator direct assignments and our we have set Group 2 as who cat request. https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-assignments Specific users and groups Choose this option if you want only the users and groups in your directory that you specify to be able to request this access package. https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-create
upvoted 1 times
...
noppy
2 years, 2 months ago
I think it's YYY 1 - User1 is selected user (has access for 10 days) 2 - User2 doesn't have access in 15 June(Access is expired on 10 June) but can access once user2 request access (No approval required) / This is the reason why User2 can access but I don't think has access 3 - User1,2,3 are member of group3 according to Resource rules (https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-first)
upvoted 1 times
...
Dzuljzebari
2 years, 4 months ago
Answers are correct, Chris7910 expained it correctly.
upvoted 1 times
...
cld475
2 years, 6 months ago
It should be Y-Y-Y because: 1 - User 1 was selected for an assignment from beginning of June until the beginning of July 2 - So was User 2 and in mid of June he will still have access because as just mentioned the assignment expires on 1st of July and that has overwritten the ten days expiration by the default policy of the access package. (Just checked that in az portal) 3 - Group 3 is included in the access package and that's why all three users are members during the assignment.
upvoted 4 times
...
bac0n
2 years, 6 months ago
https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-first This article explains the third answer. If a user is made and granted access to an access package, they will become a member of the assigned security group to the package. So the answers are correct.
upvoted 1 times
...
EzeQ
2 years, 7 months ago
My view - student - is 1 - N - because as unicorn02 points, user 1 is not a member of group 2 2 - Y - user 2 is member of group 2 and the policy ends only in july 3 - N - Only the users that activate the package will be members of Group 3 - At least user 1 won't be included
upvoted 4 times
...
Unicorn02
2 years, 7 months ago
Not sure here. It says "Users who can request":Group2 So User1 is not allowed to request access to the Package (User is in Group1 only!). Thus I would say: N-N-N
upvoted 2 times
...
pete26
2 years, 9 months ago
I agree with the first two answers. Anyone can provide a better explanation as to why User1, User2, and User3 are members of Group3?
upvoted 2 times
Chris7910
2 years, 8 months ago
Because Group3 is part of the access package assigned to the users
upvoted 3 times
...
...
billo79152718
2 years, 9 months ago
Given answers are correct
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel