ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-300 All Questions

View all questions & answers for the AZ-300 exam
Go to Exam

Exam AZ-300 topic 16 question 6 discussion

Actual exam question from Microsoft's AZ-300
Question #: 6
Topic #: 16
[All AZ-300 Questions]

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that the Admin1 can create access reviews in contoso.com.
Solution: You purchase an Azure Directory Premium P2 license for contoso.com.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
✑ Conduct access reviews to ensure users still need roles
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
by dumpmaster at Nov. 22, 2019, 1:15 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Benkyoujin
Highly Voted 5 years, 6 months ago
Stupid question. PIM required, which itself requires P2. Hope they don’t ask this one as it’s a bogus question.
upvoted 12 times
PDR
5 years, 4 months ago
agree this question / series of questions is a bit stupid. Access reviews & PIM both require P2 but there is no mention of which licence level there is so you cannot know for the the other question so impossible to answer really. Of course just buying the licence isnt going to configure itself but how are supposed to know what it is implying
upvoted 2 times
...
RPAL
5 years, 5 months ago
PIM and Access Reviews are two different things.. but yes, if you need to review for PIM access, you would need PIM https://azure.microsoft.com/en-us/pricing/details/active-directory/
upvoted 2 times
...
...
PierroD
Highly Voted 5 years ago
Microsoft update says "No licenses are required for the users with the Global Administrator or User Administrator roles that set up access reviews, configure settings, or apply the decisions from the reviews." but the question says "Access reviews settings are unavailable.", so the question doesn't use the update. The prerequisites are : Azure AD Premium P2 Global administrator or User administrator ... so Yes, need to purchase Azure Directory Premium P2.
upvoted 6 times
...
uellington
Most Recent 4 years, 1 month ago
https://campbell.scot/getting-started-with-azure-ad-identity-governance-part-3-privileged-identity-management-pim/ PIM is an Azure AD P2 feature that enables just-in-time (JIT) admin rights in Azure and Azure AD. The correct option for this series of questions is: Solution: You consent to Azure AD Privileged Identity Management (PIM). It was possible to consent it, which means that the pre-requisite already exists. Other solutions: Solution: You assign the Global administrator role to Admin1. (wrong, it is just one of the requirements.) Solution: You purchase an Azure Directory Premium P2 license for contoso.com. (wrong, it is just one of the requirements.)
upvoted 1 times
...
RoryGates
4 years, 8 months ago
All these PIM questions are wrong. 1.- User Admin nor Global Admin do not require a P2 license, only when they delegate the review to another user. 2.- PIM requires a P2. So the reason Admin1 can't perform an access review is a system malfunction.
upvoted 1 times
...
arseyam
4 years, 9 months ago
Guys, read this article https://campbell.scot/getting-started-with-azure-ad-identity-governance-part-2-access-reviews/
upvoted 2 times
...
gboyega
4 years, 11 months ago
Kind of tricky You need P2 license to use Access Review. So the answer should be A
upvoted 3 times
...
azureexaminer
4 years, 11 months ago
Issue : A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. In other words, admin1 does not have permission to create access reviews. For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged role administrator or Global administrator role can manage assignments for other administrators. You can grant access to other administrators to manage Privileged Identity Management. Global Administrators, Security Administrators, Global readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management. (https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure) So my answer is A (Yes).
upvoted 1 times
...
thirstylion
5 years ago
B is correct. Azure AD Premium P2 licenses are not required for the following tasks: No licenses are required for the users with the Global Administrator or User Administrator roles that set up access reviews, configure settings, or apply the decisions from the reviews.
upvoted 1 times
...
jivom
5 years ago
The answer provided is correct, if you are global admin or user administrator you will NOT be required to purchase a P2 license in order to do an access review, the downside is is that they will manually have to review things themselves, otherwise they'll need to assign P2 licenses to other users. P2 license are only required for the reviewers, or in case people self-review. Look at the example license scenarios here: https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview . So in short, upgrading to P2 is not required, but it will help in making the access review do-able on larger scale (now the user administrator will have to do the reviewing himself).
upvoted 2 times
...
cacasodo
5 years ago
And it doesn't help that these statements from here: https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review Prerequisites Azure AD Premium P2 Global administrator or User administrator Conflict with these statements from here: https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#license-requirements Azure AD Premium P2 licenses are not required for the following tasks: No licenses are required for the users with the Global Administrator or User Administrator roles that set up access reviews, configure settings, or apply the decisions from the reviews.
upvoted 1 times
...
DeepuDN
5 years ago
It states that "Admin1 discovers that all the other Identity Governance settings are available.", means the Licence is already P2. In addition to P2, User needs to be a Global Admin or User Admin. I think, given answer is correct.
upvoted 4 times
...
vic88sanchez
5 years, 1 month ago
This is a very tricky question and i played in the azure portal with this and thinking thru it all. I think the answer is no to all the questions because you dont know if a license exists or consent was executed. The only one that could have an answer of Yes is " you need to consent" and this is only doable if you have a P2 license.
upvoted 1 times
...
milind8451
5 years, 1 month ago
Preimum P1 is 1 pre-requisite, other requirement is to elevate user1 to Global admin else he won't be able to create "Access Reviews" under "Identity Givernance". "NO" is right answer.
upvoted 1 times
...
Gorha
5 years, 2 months ago
Yes, PIM requires AD P2
upvoted 1 times
...
SilentH
5 years, 3 months ago
This is a poorly worded and misleading question. One needs Azure AD Premium 2 in order to access PIM so the answer seems like it should be "yes" but I don't think that's the intent of the question. If anyone gets this question on the test, I think the answer to give is "no".
upvoted 1 times
...
dumpmaster
5 years, 6 months ago
I think yes, because the requirement for access review is AD Premium 2. https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
upvoted 3 times
JatinA
5 years, 6 months ago
I guess, just by upgrading to premium 2 will not help. Further steps are required.
upvoted 1 times
tartar
4 years, 8 months ago
A is ok
upvoted 2 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel