AZ-305 Azure Identity and Access Management Design 2

Question 1

Which Azure AD feature would you use to automatically grant or revoke users' access to applications based on their job role attributes?

Accepted Answer

Entitlement Management access packages

Answer

Entitlement Management access packages bundle resources and define policies for who can request them and how long they retain access.

Question 2

A multi-tenant SaaS application needs to authenticate users from thousands of different Azure AD tenants. What is the recommended design?

Accepted Answer

Register the app as a multi-tenant application in Azure AD

Answer

Registering an app as multi-tenant allows users from any Azure AD tenant to consent and sign in without requiring guest account creation.

Question 3

Your security team requires that stale guest accounts be automatically removed after 90 days of inactivity. Which feature enables this?

Accepted Answer

Azure AD Access Reviews

Answer

Azure AD Access Reviews can be configured to periodically evaluate guest account activity and automatically remove inactive accounts.

Question 4

Which Azure AD license tier is required to use both Privileged Identity Management and Identity Protection features?

Accepted Answer

Azure AD Premium P2

Answer

Both PIM and Identity Protection are Azure AD Premium P2 features that require that specific license tier.

Question 5

A company wants to prevent users from enrolling personal devices in Azure AD and require only compliant corporate devices for cloud app access. Which two features should you combine?

Accepted Answer

Intune device compliance policies + Conditional Access

Answer

Intune enforces device compliance standards and Conditional Access can then require a compliant device before granting access to cloud apps.

AZ-305 - Designing Microsoft Azure Infrastructure Solutions Practice Test

AZ-305 - Designing Microsoft Azure Infrastructure Solutions Practice Test

AZ-305 Azure Identity and Access Management Design 2