AZ-301 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-301 Exam - Question 177

HOTSPOT -

You are designing an access policy for the sales department at your company.

Occasionally, the developers at the company must stop, start, and restart Azure virtual machines. The development team changes often.

You need to recommend a solution to provide the developers with the required access to the virtual machines. The solution must meet the following requirements:

✑ Provide permissions only when needed.

✑ Use the principle of least privilege.

Minimize costs.

Exam AZ-301 Question 177

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

Exam AZ-301 Question 177
Show Answer
Correct Answer:
Exam AZ-301 Question 177

Discussion

9 comments
Sign in to comment
Ekramy_Elnaggar
Jan 16, 2020

This is a repeated question: https://www.examtopics.com/exams/microsoft/az-301/view/22

JohnAvlakiotis
Feb 11, 2020

Repetition is the mother of all learning :)

joehoesofat
Feb 19, 2022

repeated where? - edit find - only when- and what comes up here? https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure P2 JIT

pandeya442
May 14, 2020

Repeated question- P2 PIM

Test_Taker_1
Aug 22, 2020

Should be PIM as "The development team changes often." that means we need to frequently review what users have access to start/stop.

alibob
Jan 11, 2020

Second should be Just in time.

bbbb
Feb 6, 2020

Disagree, JIT would provide unnecessary access to the vms. PIM would allow stopping/starting of vms from the portal without exposing the vms further. Doing these tasks does not require someone to log onto the server. Also JIT requires the Security Center standard tier which probably works out more costlier depending on the number of vms.

mpknz
Feb 15, 2020

PIM is a service not a feature. PIM includes several features including JIT access for administrative tasks. I believe you could use JIT as part of PIM to just allow access to restart by allowing elevation to a custom role. JIT is also available as a feature of Security Center but as far as I know you can use JIT as part of PIM with a p2 license without the additional security center standard tier licensing although this is hard to confirm from the documentation.

mpknz
Feb 15, 2020

one other thought. JIT VM access in the answers doesn't have to mean logon access to the VMs. The question also uses the phrase required access. In both cases saying permissions or privileges would be less confusing.

tartar
Sep 20, 2020

Premium P2 Privileged Identity Management for the Azure resources

tartar
Sep 20, 2020

Premium P2 Privileged Identity Management for the Azure resources

mpknz
Feb 15, 2020

one other thought. JIT VM access in the answers doesn't have to mean logon access to the VMs. The question also uses the phrase required access. In both cases saying permissions or privileges would be less confusing.

tartar
Sep 20, 2020

Premium P2 Privileged Identity Management for the Azure resources

Wildsheep
Jul 18, 2020

You are thinking of Just In Time network access from Security Center... PIM Just in Time access is a different thing

a_Ri
Sep 28, 2020

exactly..... just in time VM access is not in PIM and doesn’t support privilege assignments.

tartar
Sep 20, 2020

Premium P2 Privileged Identity Management for the Azure resources

a_Ri
Sep 28, 2020

exactly..... just in time VM access is not in PIM and doesn’t support privilege assignments.

joehoesofat
Feb 19, 2022

jit am pm are both ps features- - "edit find"- only when- and what comes up here? https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure P2 JIT

mpknz
Feb 15, 2020

PIM is a service not a feature. PIM includes several features including JIT access for administrative tasks. I believe you could use JIT as part of PIM to just allow access to restart by allowing elevation to a custom role. JIT is also available as a feature of Security Center but as far as I know you can use JIT as part of PIM with a p2 license without the additional security center standard tier licensing although this is hard to confirm from the documentation.

mpknz
Feb 15, 2020

one other thought. JIT VM access in the answers doesn't have to mean logon access to the VMs. The question also uses the phrase required access. In both cases saying permissions or privileges would be less confusing.

tartar
Sep 20, 2020

Premium P2 Privileged Identity Management for the Azure resources

tartar
Sep 20, 2020

Premium P2 Privileged Identity Management for the Azure resources

mpknz
Feb 15, 2020

one other thought. JIT VM access in the answers doesn't have to mean logon access to the VMs. The question also uses the phrase required access. In both cases saying permissions or privileges would be less confusing.

tartar
Sep 20, 2020

Premium P2 Privileged Identity Management for the Azure resources

Wildsheep
Jul 18, 2020

You are thinking of Just In Time network access from Security Center... PIM Just in Time access is a different thing

a_Ri
Sep 28, 2020

exactly..... just in time VM access is not in PIM and doesn’t support privilege assignments.

tartar
Sep 20, 2020

Premium P2 Privileged Identity Management for the Azure resources

a_Ri
Sep 28, 2020

exactly..... just in time VM access is not in PIM and doesn’t support privilege assignments.

joehoesofat
Feb 19, 2022

jit am pm are both ps features- - "edit find"- only when- and what comes up here? https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure P2 JIT

Wildsheep
Jul 18, 2020

I think it's JIT because just enabling PIM without configuring JIT access will not meet the results

Wildsheep
Aug 21, 2020

Actually, it's a different JIT... we need just-in- time JIT Privileged access NOT JIT VM Access, these are 2 different things.

DeveshSolanki
Jun 30, 2020

May be PIM OR JIT as JIT is feature within PIM

Nitink
Jul 2, 2020

JIT is for security group blocking and allowing for specific time. The question asked about stop/start of vm. So I will go with PIM

sanketshah
Jan 3, 2021

Premium P2 JIT is correct answer.

Jinder
Jan 15, 2021

Premium P2 Privileged Identity Management for the Azure resources Just in time VM, access is completely different from Just in time Privileged access, but here they specifically gave the option "Just in time VM access" which can not be correct answer.