You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements. Which role should you assign?
Azure Sentinel Contributor is the only provided correct role. If "Log Analytics Contributor" or "Microsoft Sentinel Automation Contributor" they would be better suited to meet the business requirement for least privilege.
Contributor: "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries." Ref https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor
no it doesn't. It says he needs to CONFIGURE playbooks. I'd interpret that as actually creating, editing, updating the playbook rather than just linking it.
Logic App Contributor is the correct answer but missing from the list.
admin1 should be assigned the Azure Sentinel Contributor role. This role provides access to the Azure Sentinel workspace and allows the user to perform tasks such as creating incidents, hunting for threats, and managing data connectors. The Automation Operator and Automation Runbook Operator roles are related to Azure Automation, which is not relevant to the current requirements. The Azure Sentinel Responder role is also related to Azure Sentinel, but it has more limited capabilities compared to the Azure Sentinel Contributor role, as it only allows the user to manage incidents and execute response actions.
Vote C Azure Sentinel Contributor, because it is at least 50% there whereas the rest are not even close.
The below link describes that if you were to give someone Azure Sentinel Contributor(50%) and Logic App Contributor(Other 50%) they can create and run playbooks.
https://learn.microsoft.com/en-us/azure/sentinel/roles#microsoft-sentinel-roles-permissions-and-allowed-actions
Not Really ...
See here https://learn.microsoft.com/en-us/azure/sentinel/roles
Microsoft Sentinel Contributor can, in addition to the above, install and update solutions from content hub, create and edit workbooks, analytics rules, and other Microsoft Sentinel resources.
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.SC-200 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Lion007
Highly Voted 2 years, 5 months agoLion007
2 years, 5 months agoDamian367
Highly Voted 2 years, 7 months agoecasjo
Most Recent 7 months, 2 weeks agochepeerick
1 year, 1 month agodanb67
1 year, 1 month agoevilprime
1 year, 8 months agowheeldj
7 months, 1 week ago[Removed]
1 year, 9 months agoMetasploit
2 years, 1 month agoking001
2 years, 7 months agoRamye
9 months, 1 week ago