ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 3 question 52 discussion

Actual exam question from Microsoft's MS-100
Question #: 52
Topic #: 3
[All MS-100 Questions]

You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named
User1.
You enable Azure AD Identity Protection.
You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?

  • A. Compliance administrator
  • B. Global administrator
  • C. Owner
  • D. Security administrator
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
Either one of the following three roles can review the list in Azure AD Identity Protection of users flagged for risk:
✑ Security Administrator
✑ Global Administrator
✑ Security Reader
Using the principle of least privilege, we should add User1 to the Security Administrator role.
Note:
There are several versions of this question in the exam. The question has three possible correct answers:
1. Security Reader
2. Security Administrator

Global Administrator -
Other incorrect answer options you may see on the exam include the following:
1. Service Administrator.
2. Reports Reader
3. User Administrator
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins
by melatocaroca at June 14, 2021, 8:19 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
melatocaroca
Highly Voted 3 years, 12 months ago
Using the principle of least privilege, we should add User1 to the Security Administrator role. Security administrator Can read security information and reports and manage configuration in Azure AD and Office 365. Compliance administrator Can read and manage compliance configuration and reports in Azure AD and Microsoft 365. Global administrator Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities. No match principle of least privilege Owner SharePoint related https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
upvoted 9 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel