DRAG DROP You create an Azure subscription. You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. 
Yeah, this follows the typical onboarding in the portal for a fresh subscription. Consent to PIM first so tenant permissions are set, then you're hit with MFA prompt to prove admin identity, finally sign up PIM to manage Azure AD roles. Practice labs and official docs both show this sequence, pretty sure it's still current.
- Consent to PIM
- Verify your identity via MFA
- Sign up PIM for Azure AD roles
Consent to PIM → Verify with MFA → Sign up PIM for Azure AD roles. The catch here is that "Discover privileged roles" looks tempting, but that's after setup. I've seen similar exam questions set up this way and pretty sure this order matches the actual onboarding steps that Microsoft requires. Anyone disagree?
Yeah, the expected order is: Consent to PIM, verify with MFA, then sign up PIM for Azure AD roles. That matches the real onboarding flow-MFA's only required after initial consent. I think this fits how Azure actually steps you through it. If anyone's seen a version where you have to MFA first, let me know!
