ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 19 discussion

Actual exam question from Microsoft's MS-102
Question #: 19
Topic #: 1
[All MS-102 Questions]

HOTSPOT -
You have a Microsoft 365 E5 tenant.
You need to ensure that administrators are notified when a user receives an email message that contains malware. The solution must use the principle of least privilege.
Which type of policy should you create, and which Microsoft Purview solutions role is required to create the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by osxzvkwpfcfxobqjby at Aug. 10, 2023, 11:07 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
osxzvkwpfcfxobqjby
Highly Voted 1 year, 9 months ago
- Alert - Security administrator (principle of least privilege) https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide
upvoted 55 times
sigvast
1 year, 6 months ago
The correct answer is : - Alert - Organization Management "To create alert policies, you have to be assigned the Manage Alerts role or the Organization Configuration role in the compliance portal or the Defender portal." https://learn.microsoft.com/en-us/purview/alert-policies?redirectSourcePath=%252farticle%252f8927b8b9-c5bc-45a8-a9f9-96c732e58264#how-alert-policies-work Manage Alerts role is in included in the following role groups : - Compliance Administrator - Compliance Data Administrator - Organization Management - Security Administrator - Security Operator Organization Configuration role is included in the following role groups : - Compliance Administrator - Compliance Data Administrator - Organization Management https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide Security Administrator and Organization Management are correct answers but following the principle of least privilege, the correct role group is Organization Management.
upvoted 5 times
sigvast
1 year, 6 months ago
My bad, Security Administrator is the correct answer because Organization Management give more permissions ...
upvoted 19 times
...
...
...
letters1234
Highly Voted 1 year, 8 months ago
Security Administrator or Global Administrator are required to setup the alert notifications. Least privilege means SA instead of GA. https://learn.microsoft.com/en-us/microsoft-365/security/defender/configure-email-notifications?view=o365-worldwide#create-rules-for-alert-notifications
upvoted 11 times
...
EubertT
Most Recent 1 month ago
✅ Answer Area: Policy type: Alert Role: Security Administrator 🧠 Explanation: Alert policies in the Microsoft 365 Defender or Purview compliance center can be configured to notify admins when suspicious or malicious activities occur, such as malware in email. The Security Administrator role has the necessary permissions to create and manage alert policies related to threats and incidents, without granting broader organizational permissions like Organization Management.
upvoted 1 times
...
004b54b
1 month, 1 week ago
Second is "Security Administrator": first row of the table: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/delegate-by-task#microsoft-entra-id-protection-least-privileged-roles Task Least privileged role Configure alert notifications Security Administrator
upvoted 1 times
...
MR_Eliot
7 months, 4 weeks ago
Second one is Security Administrator: Role group name Security Administrator Role group description - Roles in the role group Audit Logs Compliance Manager Administration Device Management DLP Compliance Management IB Compliance Management Manage Alerts Quarantine Security Administrator Sensitivity Label Administrator Tag Contributor Tag Manager Tag Reader View-Only Audit Logs View-Only Device Management View-Only DLP Compliance Management View-Only IB Compliance Management View-Only Manage Alerts
upvoted 1 times
...
LakesWizard
10 months, 3 weeks ago
Using least privileaged won't be organization management.
upvoted 1 times
...
9326359
1 year ago
-Alert -Security administrator https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/delegate-by-task
upvoted 1 times
...
neken123
1 year, 4 months ago
we just need the role to create the policy, so organization management role would be least priviledged role
upvoted 1 times
...
Jonnaz
1 year, 4 months ago
I think it should be Threat instead of Alert and here's why: An Alert policy in Microsoft 365 is typically used to track and respond to activity alerts, such as user and admin activities, malware threats, or data loss incidents. While you can create an alert policy to notify administrators when certain activities occur, it’s not specifically designed to handle malware detections in email messages1. On the other hand, a Threat policy (specifically, an anti-malware policy) in Microsoft 365 is designed to configure the settings that determine how malware detections are handled, including settings for notifications when a user receives an email that contains malware. Therefore, while an Alert policy could potentially be used to achieve similar results, a Threat policy is the more appropriate and direct solution for this specific requirement.
upvoted 3 times
...
m2L
1 year, 5 months ago
sigvast you are right the given answer is correct
upvoted 1 times
...
TonyManero
1 year, 6 months ago
Alert and Security Admin. Please update the answers.
upvoted 7 times
...
lolern123
1 year, 6 months ago
Correct me if im wrong, but people here saying that the Organization Management is not a role in purview and only exchange. Look at this bit. https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide Can someone break this down? To me it looks like that Organization Management is enough and that security administrator will give a lot of unnecessary access in this case. For now sticking with the answer provided - Alert - Organization Management
upvoted 1 times
Clinson
1 year, 6 months ago
Nevermind, the communcation compliance administrator doesn't have permission to create alert policies.
upvoted 1 times
...
Clinson
1 year, 6 months ago
Yep, but per your same link communication compliance administrator can create policies, and has less privileges that Org Management
upvoted 2 times
...
...
Alecks
1 year, 6 months ago
- Alert - Communication Compliance Administrators Because "Communication Compliance Administrators" is the principle of least privilege https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide#:~:text=Administrators%20of%20communication%20compliance%20that%20can%20create/edit%20policies%20and%20define%20global%20settings.
upvoted 1 times
...
sergioandreslq
1 year, 6 months ago
In the Alert policies, you can create an alert with to send a notification when: "Detected Malware in an email message", you set up an alert and add as information the category for this alert which is "threat management" https://security.microsoft.com/alertpoliciesv2 My selection for the role will be "security administrator"
upvoted 1 times
...
Paul_white
1 year, 7 months ago
CORRECT!!! https://www.examtopics.com/discussions/microsoft/view/110911-exam-ms-101-topic-2-question-139-discussion/
upvoted 1 times
MarkusSan
1 year, 7 months ago
not correct, by link provided ;)
upvoted 3 times
...
...
Nilz76
1 year, 7 months ago
Policy type: Threat Role: Security Administrator Explanation: You would want to create a Threat Policy to ensure that administrators are notified when a user receives an email message containing malware. Specifically, you might want to configure a Threat Policy within the Microsoft 365 Security & Compliance Center or Microsoft 365 Defender. The Security Administrator role is suited for this task as it has the necessary permissions to manage security configurations across the tenant, adhering to the principle of least privilege. This role can create and manage threat policies to ensure that alerts are generated and sent to administrators when malware is detected in email messages.
upvoted 4 times
...
MondherBB
1 year, 7 months ago
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide&toc=%2Fmicrosoft-365%2Fcompliance%2Ftoc.json&bc=%2Fmicrosoft-365%2Fbreadcrumb%2Ftoc.json Communication Compliance Administrators Administrators of communication compliance that can create/edit policies and define global settings.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago