ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 4 question 29 discussion

Actual exam question from Microsoft's SC-200
Question #: 29
Topic #: 4
[All SC-200 Questions]

HOTSPOT
-

You have an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant named contoso.com. Contoso.com contains a user named User1. Sub1 contains a Microsoft Sentinel workspace.

You provision a Microsoft Copilot for Security capacity.

You need to ensure that User1 can use Copilot for Security to perform the following tasks:

• Update the data sharing and feedback options.
• Investigate Microsoft Sentinel incidents.

The solution must follow the principle of least privilege.

Which role should you assign to User1 for each task? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Blasty at Feb. 24, 2025, 2:18 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Wiggy
4 days, 17 hours ago
The Microsoft Sentinel Responder role assignment is required to investigate incidents. Source: https://learn.microsoft.com/en-us/azure/sentinel/incident-investigation#prerequisites
upvoted 1 times
Wiggy
4 days, 17 hours ago
And first one is Security Administrator.
upvoted 1 times
...
...
Blasty
2 weeks, 4 days ago
First one is correct. It is stated that the Security Administrator inherit the Copilot owner role to ensure that Security Copilot has at least one owner. The Global Administrator role is protected against removal. https://learn.microsoft.com/en-us/copilot/security/authentication However the second one is incorrect. It is perfectly feasible to use the Microsoft Sentinel Reader role to use the 'investigate' button for an incident. Granted he/she cannot change anything since he/she is only reader, but as stated in the question; it should be least privileged.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago