Exam MS-500 topic 1 question 82 discussion

I think A-Security Operator is the right answer. in the Permissions>Manage all it has -Create and delete all resources, and read and update standard properties in ‎Azure AD Identity Protection‎

Security Admin is the correct answer. Security operator can't configure policies

The Identity Governance Administrator role in Microsoft 365 provides the necessary permissions to configure and manage identity-related policies and features, including Azure AD Identity Protection. This role allows User1 to configure user risk policies and receive alerts specifically related to Azure AD Identity Protection. Assigning User1 the Identity Governance Administrator role ensures that they have the appropriate level of access and control over identity protection without granting them broader security administration privileges (such as the Security Administrator role) that may exceed their requirements.

Yes it's C. Only Global Admins and Security Admins can configure Identity Protection policies. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#required-roles

Agreed with EM1234, it should be C.

Answer is C https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-operator

I think it should be C. This is from the docs on the security operator built in role: All permissions of the Security Reader role Perform all Identity Protection operations except for configuring or changing risk-based policies, resetting passwords, and configuring alert e-mails. https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-operator