Which role should you assign to User1?

MS-500 0 Comments

Topic 3, Contoso, Ltd

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

The company has the offices shown in the following table.

Contoso has IT, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365.

Existing Environment

Infrastructure

The network contains an Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant. Password writeback is enabled.

The domain contains servers that run Windows Server 2016. The domain contains laptops and desktop computers that run Windows 10 Enterprise.

Each client computer has a single volume.

Each office connects to the Internet by using a NAT device.

The offices have the IP addresses shown in the following table.

Named locations are defined in Azure AD as shown in the following table.

From the Multi-Factor Authentication page, an address space of 198.35.3.0/24 is defined in the trusted IPs list. Azure Multi-Factor Authentication (MFA) is enabled for the users in the finance department.

The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

Customer Lockbox is enabled in Microsoft 365.

Microsoft Endpoint Manager Configuration

The devices enrolled in Microsoft Endpoint Manager are configured as shown in the following table.

The device compliance policies in Microsoft Endpoint Manager are configured as shown in the following table.

The device compliance policies have the assignments shown in the following table.

The Mark devices with no compliance policy assigned as setting is set to Compliant.

Requirements

Technical Requirements

Contoso identifies the following technical requirements:

– Use the principle of least privilege

– Enable User1 to assign the Reports reader role to users

– Ensure that User6 approves Customer Lockbox requests as quickly as possible

– Ensure that User9 can enable and configure Azure AD Privileged Identity Management

Which role should you assign to User1?
A . Global administrator
B . User administrator
C . Privileged role administrator
D . Security administrator

Answer: D

Explanation: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-give-access-to-pim

Latest MS-500 Dumps Valid Version with 193 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download MS-500 PDF     MS-500 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments