[&] You have enabled PIM for your Azure AD tenant. You want your colleague Bob to be able to manage PIM. What role must Bob have to manage PIM?
- Privileged role owner for all subscriptions associated with your tenant
- Privileged role administrator for your tenant -- Correct
- Global admin for your tenant
- Owner for all subscriptions associated with your tenant

[&] You need to ensure that employees who have changed responsibilities are not assigned Azure subscription roles that no longer apply to them. Which PIM feature can help you manage this?
- Access review -- Correct
- Audit
- Approval
- Time limited access