Microsoft Security Operations Analyst Associate SC-200 Practice Question
You manage an Azure subscription that contains a Log Analytics workspace connected to Microsoft Sentinel. A new SOC analyst requires access to investigate incidents, change their status or severity, assign them to other analysts, and manually run any automation playbooks already linked to the incidents. The analyst must not be able to create or modify analytics rules, workbooks, new playbooks, or any other workspace configuration. Which Azure built-in role should you assign to the analyst at the resource-group scope to meet these requirements while following the principle of least privilege?
The Microsoft Sentinel Responder role is designed for users who need to handle incidents without changing Microsoft Sentinel configuration. It lets a user view incidents and their evidence, assign incidents, change their status or severity, and run playbooks that are attached to incidents. It does not grant permissions to create or modify analytics rules, workbooks, or new playbooks, nor does it allow changes to the workspace or resource-group settings.
Microsoft Sentinel Reader is insufficient because it allows only read-only access, preventing incident response actions such as changing status or running playbooks. Microsoft Sentinel Contributor exceeds the requirement; it permits creating and editing analytics rules, hunting queries, and playbooks, which violates the restriction. Security Admin is an Azure RBAC role unrelated to Microsoft Sentinel specifics and provides broader permissions over security resources than required. Therefore, Microsoft Sentinel Responder is the least-privilege role that satisfies the scenario.
Microsoft Security Operations Analyst Associate SC-200
Manage a security operations environment