Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam

Exam SC-200 topic 1 question 26 discussion

Actual exam question from Microsoft's SC-200
Question #: 26
Topic #: 1
[All SC-200 Questions]

DRAG DROP -
You have an Azure subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains two users named User1 and User2.
You plan to deploy Azure Defender.
You need to enable User1 and User2 to perform tasks at the subscription level as shown in the following table.

The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, drag the appropriate roles to the correct users. Each role may be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
Select and Place:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Owner -
Only the Owner can assign initiatives.

Box 2: Contributor -
Only the Contributor or the Owner can apply security recommendations.
Reference:
https://docs.microsoft.com/en-us/azure/defender-for-cloud/permissions

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Lion007
Highly Voted 2 weeks, 6 days ago
Answer is correct, but the justification provided is not quite accurate. User1: Owner User2: Contributor You can't choose 'Security Admin' because the key in the questions is 'at the subscription level'. Read the Security Admin section in the documentation https://docs.microsoft.com/en-us/azure/defender-for-cloud/permissions At the Subscription Level, only Contributor and Owner can : - Apply security recommendations - Add/Assign initiatives - Edit security policy - Dismiss alerts However, only the Owner can 'Enable auto provisioning'... to be the owner of the extension you're deploying. "For auto provisioning, the specific role required depends on the extension you're deploying." Check the section under the roles table https://docs.microsoft.com/en-us/azure/defender-for-cloud/permissions All roles can 'view' alerts and recommendations.
upvoted 52 times
Tanasi
2 years ago
This guy is correct. Details here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection?tabs=autoprovision-loganalytic#availability
upvoted 4 times
...
...
j888
Highly Voted 2 years, 5 months ago
Wouldn't this be contributors for both? https://docs.microsoft.com/en-us/azure/defender-for-cloud/permissions#roles-and-allowed-actions
upvoted 16 times
LotusBeta
2 years, 2 months ago
Sorry i was wrong to upvote this answer, the right answer is Owner and then Contributor.
upvoted 3 times
Tohar
1 year, 9 months ago
That's correct. Because only Owner can ASSIGN Initiatives at the subscription level.
upvoted 2 times
...
...
...
Adam7777
Most Recent 4 days, 12 hours ago
user1: Contributor user2: Security Reader user1, Don't need to be an owner or Security Administrator to do the mentioned tasks. user2, only needs to read and apply security recommendations and dismiss alerts, Hence, Seucirty reader is the only option
upvoted 1 times
...
Murtuza
9 months, 2 weeks ago
The other give away in this question is security administrator no such thing so you can easily rule that out . Its actually security admin in Azure AD RBAC role
upvoted 1 times
...
danlo
11 months ago
Is Security Administrator a typo? There's an Entra AD role named that but RBAC is "Security Admin"
upvoted 1 times
...
chepeerick
11 months, 3 weeks ago
correct
upvoted 1 times
...
Marchiano
1 year, 2 months ago
User 1: Owner User 2: Contributor Keyword: at subscription level Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions
upvoted 3 times
...
UmarCyber
1 year, 8 months ago
At subscription level only owner can 'Add/assign initiatives (including) regulatory compliance standards)'. Answer is correct.
upvoted 4 times
...
Matshedy
1 year, 8 months ago
Correct answer: User 1: contributor User 2: contributor
upvoted 1 times
...
zafara55
1 year, 10 months ago
Apology. Security Administrator is not correct for user 1. It's not applied at the subscription level.
upvoted 1 times
...
zafara55
1 year, 10 months ago
Security Administrator is also correct for user 1. Security Admin can Add/assign initiatives (including) regulatory compliance standards)
upvoted 1 times
...
Snaileyes
2 years ago
At the given reference URL… Contributor can also assign initiatives… So… Contributor for both!
upvoted 1 times
Reyrain
1 year, 10 months ago
no, it is quite clear that is not the case from the (above) linked article.
upvoted 1 times
...
...
Pandaguo
2 years ago
The solution must use the principle of least privilege.... contributor priviledge is lower than owner I suppose, if so the first one why don't select contributor ?
upvoted 2 times
...
Tanasi
2 years ago
Solution is correct. Owner and Contributor are required. If you enable Auto Provisioning, there are resources that require you to be Owner on that subscription. Details here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-data-collection?tabs=autoprovision-loganalytic#availability
upvoted 3 times
...
Tanasi
2 years ago
Contributor on subscription role for both. Remember that big difference between Contributor and Owner is that Owner also has access to modify RBAC (which is not required here, and will not adhere to Principle of Least Privilege)
upvoted 3 times
...
Stiobhan
2 years, 1 month ago
Right answer is contributor for both: Action Security Reader / Reader Security Admin Contributor / Owner Contributor Owner (Resource group level) (Subscription level) (Subscription level) Add/assign initiatives (including) regulatory compliance standards) - - - ✔ ✔ https://docs.microsoft.com/en-us/azure/defender-for-cloud/permissions It's right there in the link. Remember, it asking at the subscription level.
upvoted 3 times
...
bluegeek
2 years, 1 month ago
Given answer is correct. Key part is "at the subscription level" Security admin only has access in Defender for cloud and not other Azure services https://docs.microsoft.com/en-us/azure/defender-for-cloud/permissions
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...