Exam SC-401 topic 3 question 20 discussion

Correct: An alert To create a case in Microsoft Purview insider risk management, you always start from an alert. Which users are added as contributors by default? Insider Risk Management Admin3 (Insider Risk Management Investigators) Cab access Admin2 (Insider Risk Management Analysts) NO rights Admin1 (Insider Risk Management Admin) Admin4 (Insider Risk Management Auditors) https://learn.microsoft.com/en-us/purview/insider-risk-management-configure#step-1-required-enable-permissions-for-insider-risk-management

Object it's correct: Risky User But the users should be Admin1, Admin2 and Admin3 since Insider risk management auditors have not necesary permissions to view case reports https://learn.microsoft.com/en-us/purview/insider-risk-management-configure#step-1-required-enable-permissions-for-insider-risk-management

Appears to be correct. The first part is probably correct based on https://learn.microsoft.com/en-us/purview/insider-risk-management-activities which says "Investigating potentially risky user activities is an important first step in minimizing insider risks for your organization." The second part is correct based on https://learn.microsoft.com/en-us/purview/insider-risk-management-cases which says "By default, all users assigned the Insider Risk Management Investigators and the Insider Risk Management roles are listed as contributors for each active and closed case."