AZ-305 · Question 08 · Domain 1.2: Authentication and Authorization
You are designing an administrative access strategy for Azure resources using Microsoft Entra Privileged Identity Management (PIM).
You have a resource group named 'RG-Production'. A team of developers needs the 'Virtual Machine Contributor' role on this resource group to troubleshoot issues, but they should only have this access when actively working on an approved support ticket.
You need to ensure that when developers activate the role, a manager must explicitly approve the activation. Furthermore, the developers must provide the support ticket number during activation.
How should you configure the PIM role settings for 'Virtual Machine Contributor' on 'RG-Production'?
Answer options:
Set activation to require MFA, require justification, and set the maximum activation duration to 8 hours.
Set activation to require approval, require justification, and assign the manager as the approver.
Create an Azure Logic App that triggers on role activation and sends an email to the manager.
Assign the developers as 'Eligible' and the manager as 'Active' for the role.