SC-300 Question #147: Real Exam Question with Answer & Explanation

Submitted by cyberguy42· Mar 6, 2026Manage identity and access - specifically implementing and managing Azure AD Identity Governance features and assigning appropriate administrative roles using least privilege principles (Microsoft SC-300 / MS-102 certification domains).

Question

Drag and Drop Question You have a Microsoft 365 E5 subscription that contains two users named User1 and User2. You need to ensure that User1 can create access reviews for groups, and that User2 can review the history report for all the completed access reviews. The solution must use the principle of least privilege. Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Answer:

Explanation

User Administrator is the least-privileged role that grants the ability to create access reviews for groups, as it includes permissions to manage group memberships and identity governance tasks without full admin rights. Security Reader is the least-privileged role that allows User2 to view completed access review history reports, as it grants read-only access to security and compliance reports including access review results without allowing any modifications. Using these roles satisfies the principle of least privilege by avoiding over-permissioned roles like Global Administrator.

Topics

#Azure AD Identity Governance#Access Reviews#Role-Based Access Control#Principle of Least Privilege

Community Discussion

No community discussion yet for this question.

Full SC-300 Practice Browse All SC-300 Questions