Plan and automate identity governance Questions
Practice questions for Plan and automate identity governance topic in Microsoft Certified: Identity and Access Administrator Associate. 50 questions covering this domain.
A security operations team wants Microsoft Entra sign-in, audit, and provisioning logs streamed to an external SIEM platform in near real time. Which ...
After a privileged access incident, auditors want to review who activated roles, who approved them, and when the changes occurred. Which PIM feature s...
An analyst wants to query sign-in and audit logs with Kusto Query Language in a central workspace. What should the administrator configure as a diagno...
Which Microsoft Entra feature is used to periodically recertify whether people should keep access to groups, apps, or roles?
A team wants privileged group membership to be eligible, time-bound, and approval-based rather than always active. Which Microsoft Entra capability su...
A legal team requires external users to accept a usage statement before they can access certain resources. Which feature should be configured?
A supplier organization needs to request access packages in your tenant through entitlement management. Which object should represent that partner org...
Which Microsoft Entra entitlement management object bundles access to apps, groups, and SharePoint sites into a requestable unit?
Which Microsoft Entra service provides just-in-time and eligible assignment workflows for privileged roles?
Before creating access packages, an administrator wants to organize the shared apps, groups, and sites that will be offered. Which entitlement managem...
A company needs two emergency administrator accounts that remain available if approval workflows or PIM are unavailable during an outage. What is the ...
A security manager wants a prioritized set of recommendations that shows how to improve the tenant's identity security posture. Which feature should b...
A compliance team wants to clean up inactive guest users across the tenant by reviewing and removing those who haven't signed in for 90+ days. Which a...
Which feature lets a reviewer approve or deny user access during recurring access reviews based on system recommendations like "inactive for 30 days"?
An access package must enforce that a user cannot hold both "Finance Auditor" and "Finance Approver" access at the same time. Which entitlement manage...
An owner needs eligible just-in-time activation for a specific Azure subscription's Contributor role. Which PIM scope should be used?
Which Microsoft Entra capability automates joiner-mover-leaver tasks (e.g., enabling accounts, sending welcome emails, removing access) on schedule or...
Which Microsoft Entra service provides multicloud (Azure/AWS/GCP) cloud infrastructure entitlement management (CIEM) to detect and remediate excess pe...
An admin wants to know whenever a privileged role is activated outside of normal hours or when role assignments change unexpectedly. Which capability ...
A lifecycle workflow needs to call an external HR API to perform a custom step (e.g., post a Slack message and write to a ticketing system) when a use...
Sign in to see all 50 questions
Create a free account to browse all questions — completely free during our launch phase.