Question 1

A healthcare enterprise is migrating its infrastructure to Azure. They have strict compliance requirements regarding administrative access.

You need to design an identity solution that meets the following requirements:
- Administrators must only have elevated privileges when actively performing tasks (Just-In-Time access).
- Administrators must provide a business justification and receive approval before gaining elevated privileges.
- Administrators must be forced to use Multi-Factor Authentication (MFA) when activating their elevated roles.
- The solution must apply to Azure Resource Manager (ARM) roles (e.g., Owner, Contributor).

Which combination of services should you recommend?

Accepted Answer

Identify the requirement for Just-In-Time (JIT) access for Azure roles (not network ports). PIM is the Microsoft Entra service for this.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Confusing Defender for Cloud JIT VM Access (which controls NSG rules for RDP/SSH) with PIM (which controls RBAC role assignments).

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 1

More questions from this exam