ExpertMinds LogoExpertMinds
Medium1 markMultiple Choice
Domain 1.2: Authentication and AuthorizationDomain 1.2PIMRBAC

AZ-305 · Question 07 · Domain 1.2: Authentication and Authorization

You are designing a privileged access strategy for Azure subscriptions. Administrators must not have standing access to the 'Owner' role. When they need 'Owner' access, they must request it, provide a justification, and receive approval from a manager. The access must automatically expire after 4 hours. Which TWO components are required to implement this? (Select TWO)

Answer options:

A.

Azure Blueprints.

B.

Microsoft Entra Privileged Identity Management (PIM).

C.

Azure Policy.

D.

Eligible role assignments.

E.

Conditional Access session controls.

How to approach this question

Identify the service for Just-In-Time access and the specific assignment type it uses.

Full Answer

B,D
Privileged Identity Management (PIM) is used to eliminate standing access. To use it, users are given 'Eligible' role assignments, which they must activate (with justification/approval) for a limited time.

Common mistakes

Selecting Conditional Access, which handles sign-in risk but not role activation workflows.
06All questions08

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 6

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01Contoso Ltd is a global manufacturing company with 50,000 employees. They operate a mix of on-pre...MediumQ02A financial institution has 500 Windows Server VMs on-premises and 200 VMs in Azure. They need to...HardQ03An enterprise uses Azure Sentinel and Log Analytics. They ingest 500 GB of logs daily. The IT bud...HardQ04You are designing a monitoring strategy for a new Azure deployment consisting of App Service, Azu...EasyQ05A healthcare company uses Microsoft Entra ID (Azure AD). They need to implement a security policy...Medium
View all 55 questions →