ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 4 question 5 discussion

Actual exam question from Microsoft's SC-200
Question #: 5
Topic #: 4
[All SC-200 Questions]

You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a user named User1.

You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and Endpoint security policies. The solution must follow the principle of least privilege.

Which role should you assign to User1?

  • A. Security Administrator
  • B. Security Operator
  • C. Cloud Device Administrator
  • D. Desktop Analytics Administrator
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ServerBrain at April 26, 2024, 5:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Max_DeJaV
Highly Voted 1 year, 1 month ago
Selected Answer: A
Regarding "endpoint security policies", the role should be Security Admin, as per this link: https://learn.microsoft.com/en-us/defender-endpoint/mde-security-settings-management "The Endpoint Security Policies page in Microsoft Defender XDR is available only for users with the security administrator role in Microsoft Defender XDR. Any other user role, such as Security Reader, cannot access the portal. When a user has the required permissions to view policies in the Microsoft Defender portal, the data is presented based on Intune permissions. If the user is in scope for Intune role-based access control, it applies to the list of policies presented in the Microsoft Defender portal. We recommend granting security administrators with the Intune built-in role, "Endpoint Security Manager" to effectively align the level of permissions between Intune and Microsoft Defender XDR."
upvoted 7 times
...
sapphire
Most Recent 7 months ago
Selected Answer: A
Security Administrator is correct answer Operator has less privileges - View, investigate, and respond to active threats to your Microsoft 365 users, devices, and content. For more information, see Security Operator. https://learn.microsoft.com/en-us/defender-office-365/mdo-portal-permissions
upvoted 1 times
...
talosDevbot
8 months, 2 weeks ago
Selected Answer: A
Remember that the Security Administrator role is focused on configuration and settings management. As soon as you see managing rules or policies in the question, that answer should be Security Administrator. The Security Operator role focuses on the day-to-day operations like viewing and investigating alerts (think of L1 SOC analyst)
upvoted 1 times
...
g_man_rap
10 months ago
Selected Answer: A
Security Administrator (Option A): This role allows full management of security-related features across Microsoft 365, including the ability to manage security settings, policies, alerts, and more. However, this role grants broad permissions that go beyond just managing Microsoft Defender XDR custom detection rules and Endpoint security policies. Security Operator (Option B): This role focuses more on handling alerts, investigating incidents, and responding to threats. It provides access to review and remediate alerts but doesn't allow managing custom detection rules or security policies.
upvoted 1 times
...
7d801bf
11 months, 2 weeks ago
Security Admin because the operator can't change or modify anything only read
upvoted 1 times
...
uday1985
1 year, 1 month ago
One of the following roles is required for Defender for Office 365 Manage alerts Security admin if its O365 then its Secuirty Admin
upvoted 1 times
...
RedZtopics
1 year, 1 month ago
I think it should be B:Security Operator
upvoted 1 times
RedZtopics
1 year, 1 month ago
https://learn.microsoft.com/en-us/defender-xdr/custom-roles
upvoted 1 times
...
...
ServerBrain
1 year, 1 month ago
Selected Answer: B
B. Security Operator
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel