Question 1

You are designing an identity governance solution for a large enterprise using Microsoft Entra ID (Azure AD).

The security team requires that any user attempting to access the Azure Portal to perform administrative tasks must:
1. Be prompted for Multi-Factor Authentication (MFA).
2. Provide a business justification.
3. Have their access automatically revoked after 4 hours.

Which combination of services should you implement?

Accepted Answer

Match the requirements to the specific capabilities of Entra ID features: time-bound/justification = PIM; MFA enforcement = Conditional Access.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Confusing Identity Protection with PIM. Identity Protection is for risk-based policies (e.g., leaked credentials), not JIT access.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2

More questions from this exam