Hard · 1 mark · Multiple Choice

AZ-305 · Question 08 · Domain 1.2: Authentication and Authorization

You are designing an administrative access strategy for Azure resources using Microsoft Entra Privileged Identity Management (PIM).

You have a resource group named 'RG-Production'. A team of developers needs the 'Virtual Machine Contributor' role on this resource group to troubleshoot issues, but they should only have this access when actively working on an approved support ticket.

You need to ensure that when developers activate the role, a manager must explicitly approve the activation. Furthermore, the developers must provide the support ticket number during activation.

How should you configure the PIM role settings for 'Virtual Machine Contributor' on 'RG-Production'?

Answer options:

A. Set activation to require MFA, require justification, and set the maximum activation duration to 8 hours.

B. Set activation to require approval, require justification, and assign the manager as the approver.

C. Create an Azure Logic App that triggers on role activation and sends an email to the manager.

D. Assign the developers as 'Eligible' and the manager as 'Active' for the role.

How to approach this question

Identify the native PIM features that map to 'manager approval' and 'ticket number input'.

Full Answer

B. Set activation to require approval, require justification, and assign the manager as the approver. ✓ Correct

Microsoft Entra PIM allows you to configure specific settings for role activations. To meet the requirements, you must edit the role settings for 'Virtual Machine Contributor' on the specific scope (RG-Production). You enable 'Require approval to activate' and specify the manager as the approver. You also enable 'Require justification on active assignment', which forces the developer to enter text (the ticket number) when requesting activation.

Common mistakes

Overcomplicating the solution with Logic Apps or confusing MFA requirements with Approval requirements.
