Crucial Exams

Microsoft Security Operations Analyst Associate SC-200 Practice Question

Your Azure subscription contains a resource group named RG-SecOps. Microsoft Sentinel is enabled on a Log Analytics workspace named SecWork located in RG-SecOps. A security operations (SOC) team named Tier1 must be able to:

  • View and investigate all incidents in Microsoft Sentinel.
  • Change an incident's status, owner, or severity.
  • Manually run existing playbooks that are attached to incidents. The team must NOT be able to edit analytics rules, onboard new data connectors, or change Microsoft Sentinel settings. Which Azure RBAC role assignment provides Tier1 with the least-privilege access required to meet the requirements?

  • Assign the Microsoft Sentinel Reader role on the SecWork workspace.

  • Assign the Microsoft Sentinel Contributor role on the SecWork workspace.

  • Assign the Microsoft Sentinel Responder role on the SecWork workspace and the Logic App Contributor role on RG-SecOps.

  • Assign the Azure Contributor role on RG-SecOps.

Microsoft Security Operations Analyst Associate SC-200
Manage a security operations environment
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot