ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-400 All Questions

View all questions & answers for the SC-400 exam
Go to Exam

Exam SC-400 topic 5 question 21 discussion

Actual exam question from Microsoft's SC-400
Question #: 21
Topic #: 5
[All SC-400 Questions]

You have a Microsoft 365 subscription linked to a Microsoft Entra tenant that contains a user named User1.

You need to grant User1 permission to search Microsoft 365 audit logs. The solution must use the principle of least privilege.

Which role should you assign to User1?

  • A. the Reviewer role in the Microsoft Purview compliance portal
  • B. the View-Only Audit Logs role in the Exchange admin center
  • C. the Compliance Management role in the Exchange admin center
  • D. the Security Reader role in the Microsoft Entra admin center
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Domza at Jan. 31, 2024, 5:40 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Boeroe
8 months ago
None of the answers are correct, this is possible by enabling the audit reader or manager role within Purview: https://learn.microsoft.com/en-us/purview/audit-get-started#step-2-assign-permissions-to-search-the-audit-log
upvoted 4 times
MKnight25
7 months, 1 week ago
Correct, as described in the MS docs: "Admins and members of investigation teams must be assigned the View-Only Audit Logs or Audit Logs role in the Microsoft Purview portal or the Microsoft Purview compliance portal to search or export the audit log. By default, these roles are assigned to the Audit Reader and Audit Manager role groups on Role groups page in the Microsoft Purview portal and the Permissions page in the compliance portal."
upvoted 1 times
...
...
thetootall
9 months, 3 weeks ago
Selected Answer: B
Access to enable or disable auditing and access to audit cmdlets currently requires permissions from the Exchange admin center. Use the existing Audit Logs and View-Only Audit Logs roles in the Exchange admin center to grant access to audit cmdlets. Use the existing Audit Logs role in the Exchange admin center to grant access to enable or disable auditing. https://learn.microsoft.com/en-us/purview/audit-get-started#step-2-assign-permissions-to-search-the-audit-log
upvoted 2 times
...
JimboJones99
10 months, 2 weeks ago
Selected Answer: B
https://learn.microsoft.com/en-us/purview/audit-get-started#step-2-assign-permissions-to-search-the-audit-log
upvoted 1 times
...
Domza
1 year, 4 months ago
Selected Answer: B
Correct~ Note: To search the audit log, administrators and members of investigation teams must be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online with love~
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel