ExpertHard1 markMultiple Choice
AZ-305 · Question 07 · Domain 1.2: Authentication and Authorization
Your company frequently collaborates with external vendors. You use Microsoft Entra External ID (B2B collaboration) to grant vendor identities access to internal Azure resources and applications.
The compliance team has raised concerns about 'stale' guest accounts. They require a solution that:
- Automatically asks vendors to verify if they still need access every 90 days.
- Automatically removes access if the vendor does not respond.
- Allows internal project managers to approve or deny continued access.
Which TWO features should you configure to meet these requirements? (Select TWO)
Your company frequently collaborates with external vendors. You use Microsoft Entra External ID (B2B collaboration) to grant vendor identities access to internal Azure resources and applications.
The compliance team has raised concerns about 'stale' guest accounts. They require a solution that:
- Automatically asks vendors to verify if they still need access every 90 days.
- Automatically removes access if the vendor does not respond.
- Allows internal project managers to approve or deny continued access.
Which TWO features should you configure to meet these requirements? (Select TWO)
Answer options:
A.
Access Reviews
B.
Entra ID Governance
C.
Conditional Access session controls
D.
Privileged Identity Management (PIM)
E.
Azure AD Identity Protection
How to approach this question
Identify the feature used for periodic auditing of access and the overarching licensing/feature suite it belongs to.
Full Answer
Microsoft Entra ID Governance includes the 'Access Reviews' feature. Access Reviews can be configured to run periodically (e.g., every 90 days), target guest users, require users or sponsors (project managers) to attest to the need for continued access, and automatically revoke access if there is no response.
Common mistakes
Selecting Conditional Access. While CA can force re-authentication, it cannot automatically remove a user's group memberships or access rights based on a lack of response.
Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2
55 questions · hints · full answers · grading
More questions from this exam
Q01Fabrikam Inc. is a global financial services company with 200 Azure subscriptions managed via a c...HardQ02A healthcare organization has 500 on-premises Windows Server VMs and 300 Azure VMs. They are impl...HardQ03You are designing a security monitoring solution using Microsoft Sentinel.
The compliance depar...EasyQ04Your company has a microservices application deployed across multiple Azure App Service instances...MediumQ05A defense contractor is migrating to Microsoft 365 and Azure. They have a strict security policy ...Hard