Medium · 1 mark · Multiple Choice

AZ-305 · Question 11 · Domain 1.2: Authentication and Authorization

You are designing a privileged access strategy for your Azure environment.

Currently, 15 administrators have permanent 'Owner' role assignments on the root Management Group. This violates the principle of least privilege. You need to design a solution using Microsoft Entra Privileged Identity Management (PIM) to secure these administrative roles.

Which THREE configurations should you include in your PIM design? (Select THREE)

Answer options:

A.

Require justification on activation.

B.

Require MFA on activation.

C.

Configure eligible assignments instead of active assignments.

D.

Create a Conditional Access policy to block access to the Azure Portal.

E.

Assign the 'Owner' role to a Service Principal instead of users.

F.

Configure Azure AD Identity Protection to require password resets daily.

How to approach this question

Identify PIM features that enforce Just-In-Time (JIT) access and add security gates to the elevation process.

Full Answer

Require justification on activation, Require MFA on activation, Configure eligible assignments instead of active assignments

To implement Just-In-Time (JIT) access and remove permanent standing privileges, administrators should be given 'Eligible' assignments in PIM rather than 'Active' assignments. When they need to perform a task, they activate the role. To secure this activation, PIM should be configured to require Multi-Factor Authentication (MFA) and a business justification for auditing purposes.

Common mistakes

Confusing 'Active' assignments (which are permanent) with 'Eligible' assignments (which require activation).
