SC-200 Question #337: Real Exam Question with Answer & Explanation
The correct answer is A: Microsoft Sentinel Responder.
Question
You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1 and a user named User1. You need to ensure that User1 can investigate incidents by using Workspace1. The solution must follow the principle of least privilege. Which role should you assign to User1?
Options
- A. Microsoft Sentinel Responder
- B. Microsoft Sentinel Contributor
- C. Microsoft Sentinel Automation Contributor
- D. Microsoft Sentinel Reader
Explanation
The Microsoft Sentinel Responder role is specifically designed for users who need to investigate and respond to incidents in Microsoft Sentinel. This role provides the necessary permissions to investigate incidents and alerts, while adhering to the principle of least privilege, as it does not grant permissions beyond what is needed for incident response.