ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 3 question 29 discussion

Actual exam question from Microsoft's MS-100
Question #: 29
Topic #: 3
[All MS-100 Questions]

You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named
User1.
You enable Azure AD Identity Protection.
You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?

  • A. Security reader
  • B. User administrator
  • C. Owner
  • D. Global administrator
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Eltooth at April 9, 2021, 6:39 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Eltooth
Highly Voted 4 years, 2 months ago
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#permissions
upvoted 7 times
...
dumpmaster
Highly Voted 3 years, 5 months ago
Selected Answer: A
Security reader: View all Identity Protection reports and Overview blade. https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
upvoted 5 times
...
Amir1909
Most Recent 1 year, 4 months ago
A is correct
upvoted 1 times
...
Amir1909
1 year, 4 months ago
A is correct
upvoted 1 times
...
Oval61251
2 years, 7 months ago
Key word review, so Security Reader would apply
upvoted 1 times
...
tejb
3 years, 9 months ago
Permissions Identity Protection requires users be a Security Reader, Security Operator, Security Administrator, Global Reader, or Global Administrator in order to access. Source: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
upvoted 2 times
...
fko1978
3 years, 9 months ago
review (=not change) so, Security reader: View all Identity Protection reports and Overview blade
upvoted 3 times
...
TimurKazan
3 years, 10 months ago
so I would go with Global Admin. User Administrator has nothing to do with Azure Identity Protection
upvoted 1 times
Turak64
3 years, 9 months ago
"The solution must use the principle of least privilege."
upvoted 2 times
TimurKazan
3 years, 9 months ago
it is actually the least possible privilege to perform such tasks from this list of given roles
upvoted 1 times
Azreal_75
3 years, 8 months ago
It isn;t, see role descriptions here: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#permissions
upvoted 3 times
...
...
...
...
Luiza
4 years ago
B. User administrator "Review" is not "Read"
upvoted 1 times
TimurKazan
3 years, 10 months ago
Correct. but in this case it should be Security Administrator
upvoted 1 times
...
...
junior6995
4 years ago
Should I consider "Review" and "Read" the same?
upvoted 1 times
...
airairo
4 years, 1 month ago
This is in ms 101
upvoted 1 times
LouahZA
3 years, 10 months ago
i had this on my first go on ms-100
upvoted 4 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel