ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-101 All Questions

View all questions & answers for the MS-101 exam
Go to Exam

Exam MS-101 topic 2 question 28 discussion

Actual exam question from Microsoft's MS-101
Question #: 28
Topic #: 2
[All MS-101 Questions]

You have an Azure Active Directory (Azure AD) tenant and a Microsoft 365 E5 subscription. The tenant contains the users shown in the following table.

You plan to implement Microsoft Defender for Endpoint.
You verify that role-based access control (RBAC) is turned on in Microsoft Defender for Endpoint.
You need to identify which user can view security incidents from the Microsoft Defender Security Center.
Which user should you identify?

  • A. User1
  • B. User2
  • C. User3
  • D. User4
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Goena at Dec. 16, 2021, 12:23 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
venwaik
Highly Voted 3 years ago
Answer A. Came on exam 09-05-2022
upvoted 8 times
...
[Removed]
Highly Voted 3 years, 5 months ago
Selected Answer: A
According to https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/assign-portal-access?view=o365-worldwide i think A is correct. If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch: Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Defender for Endpoint administrator role, which also has full access. Additional Azure AD user groups can be assigned to the Defender for Endpoint administrator role after switching to RBAC. Only users assigned to the Defender for Endpoint administrator role can manage permissions using RBAC. Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Azure AD user groups can be assigned a role under RBAC.
upvoted 6 times
...
JonJeff
Most Recent 3 years, 1 month ago
The Answer is A. https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-operator
upvoted 2 times
...
OneplusOne
3 years, 4 months ago
A "Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role." https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide
upvoted 5 times
...
VirtualJP
3 years, 5 months ago
Selected Answer: C
I'm thinking Security reader would satisfy the requirement to view incidents - https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-reader
upvoted 1 times
Bekkah
3 years, 5 months ago
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-reader https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-administrator Security Reader is not automatically turned on in Defender when RBAC is turned on and the role would have to be assigned in Defender but the Security Admin automatically has access in RBAC from the way I understand the documentation...but I could always be wrong, ha
upvoted 2 times
VirtualJP
3 years, 5 months ago
I think you are right here, so upon reflection A is the more likely answer.
upvoted 3 times
...
...
...
Goena
3 years, 5 months ago
A. Security Administrator
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel