ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 163 discussion

Actual exam question from Microsoft's MS-102
Question #: 163
Topic #: 1
[All MS-102 Questions]

You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant includes a user named User1.

You enable Azure AD Identity Protection.

You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.

To which role should you add User1?

  • A. Security Reader
  • B. Global Administrator
  • C. Owner
  • D. User Administrator
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by cb0900 at Sept. 19, 2023, 11:28 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
de0e20a
6 months ago
I think the trick here is that the test questions has not stated that these groups are role assignable. If you do not do this at the creation of the group then "isAssignableToRole" is automatically set to false and no role is applied or can be applied to the group afterwards as this setting cannot be changed once the group is created. So we are meant to assume that the role was never added to the group because its the AU that is giving the role not the groups listed in the first section. https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/groups-concept
upvoted 1 times
TonyManero
5 months, 2 weeks ago
The question doesn't talk about groups. You can directly assign a role to a User too.
upvoted 1 times
...
...
benpatto
11 months ago
Selected Answer: A
A due to least privilege
upvoted 3 times
...
Paul_white
1 year ago
SECURITY READER
upvoted 3 times
...
DiligentSam
1 year, 1 month ago
Should be A
upvoted 1 times
...
cb0900
1 year, 1 month ago
Selected Answer: A
https://www.examtopics.com/discussions/microsoft/view/49685-exam-ms-100-topic-3-question-29-discussion/ https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#permissions
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago