SC-200 · Question #60
SC-200 Question #60: Real Exam Question with Answer & Explanation
The correct answer is B: the Active remediation actions role in Microsoft Defender for Endpoint. Security Reader - can access M365 Security Center. Active Remediation Actions role in Defender for Endpoint meets need to 'approve and reject' pending actions with respect to Defender For Endpoint. https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?vie
Question
Your company deploys the following services: - Microsoft Defender for Identity - Microsoft Defender for Endpoint - Microsoft Defender for Office 365 You need to provide a security analyst with the ability to use the Microsoft 365 security center. The analyst must be able to approve and reject pending actions generated by Microsoft Defender for Endpoint. The solution must use the principle of least privilege. Which two roles should assign to the analyst? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Options
- Athe Compliance Data Administrator in Azure Active Directory (Azure AD)
- Bthe Active remediation actions role in Microsoft Defender for Endpoint
- Cthe Security Administrator role in Azure Active Directory (Azure AD)
- Dthe Security Reader role in Azure Active Directory (Azure AD)
Explanation
Security Reader - can access M365 Security Center. Active Remediation Actions role in Defender for Endpoint meets need to 'approve and reject' pending actions with respect to Defender For Endpoint. https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-
Topics
Community Discussion
No community discussion yet for this question.