Hard · 1 mark · Multiple Choice
AZ-305 · Question 05 · Domain 1.2: Authentication and Authorization
A healthcare enterprise is migrating its infrastructure to Azure. They have strict compliance requirements regarding administrative access.
You need to design an identity solution that meets the following requirements:
- Administrators must only have elevated privileges when actively performing tasks (Just-In-Time access).
- Administrators must provide a business justification and receive approval before gaining elevated privileges.
- Administrators must be forced to use Multi-Factor Authentication (MFA) when activating their elevated roles.
- The solution must apply to Azure Resource Manager (ARM) roles (e.g., Owner, Contributor).
Which combination of services should you recommend?
Answer options:
A. Microsoft Entra Privileged Identity Management (PIM) and Conditional Access.
B. Azure AD Identity Protection and Azure Blueprints.
C. Azure Policy and Microsoft Entra ID Governance.
D. Microsoft Defender for Cloud JIT VM Access and Conditional Access.
How to approach this question
Identify the requirement for Just-In-Time (JIT) access for Azure roles (not network ports). PIM is the Microsoft Entra service for this.
Full Answer
A. Microsoft Entra Privileged Identity Management (PIM) and Conditional Access. ✓ Correct
Microsoft Entra Privileged Identity Management (PIM) is designed to mitigate the risks of standing administrative access. It provides Just-In-Time (JIT) role activation, requires business justifications, supports approval workflows, and can enforce MFA (via Conditional Access authentication context) when a user activates an Azure resource role (like Contributor) or an Entra ID role (like Global Admin).
Common mistakes
Confusing Defender for Cloud JIT VM Access (which controls NSG rules for RDP/SSH) with PIM (which controls RBAC role assignments).