Microsoft Azure Security Engineer Associate AZ-500 Practice Question
Your company uses Microsoft Entra Privileged Identity Management (PIM) to protect Azure resource roles. A subscription named Contoso-Prod is not yet visible in PIM. You sign in as User1 and must onboard the subscription so that eligible role assignments can later be created. Following the principle of least privilege, which combination of role assignments should be granted to User1 so the onboarding can be completed?
Owner on the Contoso-Prod subscription only
Global Administrator in Microsoft Entra ID only
Owner on the Contoso-Prod subscription and Privileged Role Administrator in Microsoft Entra ID
User Access Administrator on the Contoso-Prod subscription only
To onboard an Azure subscription into PIM, the account must be able to create Azure RBAC role assignments on that resource and hold an Entra directory role that can manage PIM. The Microsoft.Authorization/roleAssignments/write permission is provided by the Owner (or User Access Administrator) role on the subscription. The ability to enable PIM is provided by the Privileged Role Administrator (or Global/Security Administrator) directory role. Granting both Owner on the subscription and Privileged Role Administrator in Microsoft Entra ID satisfies the requirements with the minimum necessary privileges. Granting only one of these roles, or assigning Global Administrator alone, would not provide the full set of permissions required to onboard the subscription.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Microsoft Entra Privileged Identity Management (PIM)?
Open an interactive chat with Bash
Why is the Owner role necessary for onboarding an Azure subscription into PIM?
Open an interactive chat with Bash
Can Global Administrator replace Privileged Role Administrator for managing PIM?
Open an interactive chat with Bash
Microsoft Azure Security Engineer Associate AZ-500
Secure identity and access
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .