ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 3 question 84 discussion

Actual exam question from Microsoft's MS-100
Question #: 84
Topic #: 3
[All MS-100 Questions]

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains a user named User1.
You suspect that an imposter is signing in to Azure AD by using the credentials of User1.
You need to ensure that an administrator named Admin1 can view all the sign in details of User1 from the past 24 hours.
To which three roles should you add Admin1? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. Security administrator
  • B. Password administrator
  • C. User administrator
  • D. Compliance administrator
  • E. Reports reader
  • F. Security reader
Show Suggested Answer Hide Answer
Suggested Answer: AEF 🗳️
Users in the Security Administrator, Security Reader, Global Reader, and Report Reader roles can view the sign in details.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
by Piper at Nov. 3, 2019, 9:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Golo
Highly Voted 5 years, 5 months ago
Regarding https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins#prerequisites the correct answer should be Security Administrator, Security Reader, and Report Reader roles
upvoted 52 times
Hamster5000
5 years, 3 months ago
Surely you dont need Security reader role if you already have Security administrator
upvoted 8 times
Kaylewis
4 years, 7 months ago
Hamster500, you need a security reader role to be assigned to Admin1. The question says each of the role should serve as a complete solution. Answers are Security administrator, report reader and security reader. I am still wondering why a password administrator will be able to view sign-in logs. Any help will be appreciated
upvoted 3 times
...
...
treanor
5 years, 3 months ago
the question should be "To which three roles _could_ you add Admin1?". The user does not need to be added to all roles
upvoted 7 times
WoneSix
5 years, 2 months ago
treanor, agreed. It should be one of those "What is the role you -should- add Admin1 to so he can view the logon activity?"
upvoted 1 times
...
SMHH
5 years, 2 months ago
Question specifically states Each correct answer presents a complete solution.
upvoted 6 times
...
...
joergsi
3 years, 2 months ago
In the link above the following information can be found: Who can access Sign-in logs in Azure Active Directory? You can always access your own sign-ins history using this link: https://mysignins.microsoft.com To access the sign-ins log, you need to be: - A global administrator A user in one of the following roles: - Security administrator - Security reader - Global reader - Reports reader
upvoted 2 times
...
...
lusis987
Highly Voted 5 years, 1 month ago
Answers: A,E,F
upvoted 27 times
...
Startkabels
Most Recent 2 years, 4 months ago
Selected Answer: AEF
Makes sense
upvoted 1 times
...
Nilz76
3 years ago
This question was in my exam on 06/April/2022. I passed.
upvoted 1 times
...
adaniel89
3 years, 10 months ago
If you have Security Administrator role, you dont need Security Reader role! https://docs.microsoft.com/en-us/azure/security-center/security-center-permissions
upvoted 1 times
...
asthmaticninja
4 years, 1 month ago
AEF as per https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
upvoted 3 times
...
ppolychron
4 years, 2 months ago
A, E, F Read sign-in logs: Reports reader, Security Reader, Security administrator https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#monitoring---sign-ins
upvoted 7 times
lucidgreen
4 years, 1 month ago
This seems to be the best source I've seen.
upvoted 2 times
...
...
[Removed]
4 years, 3 months ago
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins Who can access the data? Users in the Security Administrator, Security Reader, Global Reader, and Report Reader roles Global Administrators Any user (non-admins) can access their own sign-ins
upvoted 1 times
...
mkoprivnj
4 years, 4 months ago
A, E, F for sure!
upvoted 4 times
...
dibdoank
4 years, 4 months ago
It's definitely A E F > Report reader, security reader and Security Administrator, source: Read sign-in logs > Reports reader, Security Reader, Security administrator
upvoted 1 times
...
Jayatheerthan
4 years, 6 months ago
It says "You need to ensure that an administrator named Admin1 can view all the sign in details". This means he is only going to view the sign-in report. Then the answer will be A,E,F. Only these role have the permission to view the Sign-in reports.
upvoted 3 times
...
h3nk13
4 years, 7 months ago
Tricky question: Admin1 can view all the sign in "details".
upvoted 1 times
...
emil568
4 years, 8 months ago
Sign-in activity reports in the Azure Active Directory portal: Who can access the data? Users in the Security Administrator, Security Reader, Global Reader, and Report Reader roles Global Administrators Any user (non-admins) can access their own sign-ins
upvoted 1 times
...
M0S1
4 years, 8 months ago
i agree with answer being A,E,F
upvoted 1 times
...
[Removed]
4 years, 9 months ago
Answer: A E F Explanation Users in the Security Administrator, Security Reader, Global Reader, and Report Reader roles can view the sign in details. Reference: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
upvoted 14 times
...
shark1
4 years, 10 months ago
Tricky, AEF, if you follow the microsoft.directory/auditLogs/allProperties/read permission to be exacted.
upvoted 3 times
...
kazaki
4 years, 10 months ago
Users in the Security Administrator, Security Reader, Global Reader, and Report Reader roles Global Administrators https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins#prerequisites this is totally wrong answer
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago