Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-300 Exam - Topic 1 Question 120 Discussion

Actual exam question for Microsoft's SC-300 exam
Question #: 120
Topic #: 1
[All SC-300 Questions]

Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

While you review the roles in PIM, you discover that all 15 users in the IT department at the company have

permanent security administrator rights.

You need to ensure that the IT department users only have access to the Security administrator role when

required.

What should you configure for the Security administrator role assignment?

Show Suggested Answer Hide Answer
Suggested Answer: D

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

by Katheryn at Nov 20, 2025, 09:59 PM

Limited Time Offer

25%

Off

Get Premium SC-300 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Tasia
16 days ago
I feel B is too restrictive.
upvoted 0 times
...
Deane
21 days ago
A could work too, but not ideal.
upvoted 0 times
...
Whitney
26 days ago
It limits access to when needed.
upvoted 0 times
...
Beth
1 month ago
Why D?
upvoted 0 times
...
Whitney
1 month ago
I think D is the best choice.
upvoted 0 times
...
Willetta
1 month ago
Expiring active assignments sounds like a hassle, though.
upvoted 0 times
...
Kenny
2 months ago
Just to clarify, D means they can only use the role when needed, right?
upvoted 0 times
...
Cassie
2 months ago
Wait, all 15 users have permanent rights? That's a huge risk!
upvoted 0 times
...
Elmira
2 months ago
I disagree, B seems like a better option to keep things secure.
upvoted 0 times
...
Brandee
3 months ago
Definitely go with D, makes the most sense for temporary access.
upvoted 0 times
...
Barney
3 months ago
Option D is the way to go. Gotta keep those IT guys on a tight leash, you know?
upvoted 0 times
...
Polly
3 months ago
Haha, I bet the IT team is thrilled to have permanent admin rights. Time to start a side business!
upvoted 0 times
...
Rozella
3 months ago
Definitely D. Eligible assignments are the way to keep things secure while still giving the IT team the access they need.
upvoted 0 times
...
Julie
3 months ago
I agree, making the assignments eligible is the way to go. Permanent admin rights are a security risk.
upvoted 0 times
...
Nidia
3 months ago
Option D is the correct answer. Eligible assignments allow users to activate the role when needed, rather than having permanent access.
upvoted 0 times
...
Christiane
4 months ago
I feel like I might be mixing up the options, but I think "Expire active assignments" could be a way to manage their access too.
upvoted 0 times
...
Floyd
4 months ago
I practiced a similar question where we had to limit access, and I think the key was making sure they weren't always active.
upvoted 0 times
...
Katina
4 months ago
I'm not entirely sure, but I remember something about expiring assignments. Is that related to the active or eligible assignments?
upvoted 0 times
...
Dana
4 months ago
I think we need to set the assignment type to Eligible so that users only get access when they need it.
upvoted 0 times
...
Leeann
4 months ago
I'm not totally sure about the difference between options A and B. I'll need to double-check the details on expiring eligible vs. active assignments.
upvoted 0 times
...
Albert
4 months ago
This seems straightforward. I'll go with option D to set the assignment type to eligible, and then I'll look at the expiration settings to make sure the users don't have permanent access.
upvoted 0 times
...
Nikita
5 months ago
This question is tricky.
upvoted 0 times
...
Brandee
5 months ago
Okay, I've got this. I just need to set the assignment type to eligible and then configure the expiration settings so the users only have access when they need it.
upvoted 0 times
...
Shawn
5 months ago
Hmm, I'm a bit confused on the difference between active and eligible assignments. I'll need to review that in the documentation.
upvoted 0 times
...
Murray
6 months ago
I think I know how to approach this one. I'll need to look at the role settings and configure the assignment type to be eligible rather than permanent.
upvoted 0 times
Essie
Plus, it keeps things organized in PIM.
upvoted 0 times
...
Kerrie
5 days ago
Exactly! It reduces security risks too.
upvoted 0 times
...
Rory
10 days ago
I agree, making the assignment type eligible is the way to go.
upvoted 0 times
...
Titus
5 months ago
Yes, that way they only have access when needed.
upvoted 0 times
...
Margot
5 months ago
Good call! Let's implement that change.
upvoted 0 times
...
...

Save Cancel