
Microsoft SC-200 Exam - Topic 3 Question 105 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 105
Topic #: 3

You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1 and a user named User1.

You need to ensure that User1 can investigate incidents by using Workspace1. The solution must follow the principle of least privilege.

Which role should you assign to User1?

Suggested Answer: A

Contribute your Thoughts:

Mickie
5 days ago
I practiced a similar question where the least privilege principle was key. I believe "Microsoft Sentinel Contributor" might be too much access for just investigating.
upvoted 0 times
...
Lakeesha
10 days ago
I'm not entirely sure, but I remember something about the "Security Reader" role being relevant for investigations.
upvoted 0 times
...
Kattie
15 days ago
I think User1 might need the "Microsoft Sentinel Reader" role since it allows viewing incidents without giving too many permissions.
upvoted 0 times
...
Salome
20 days ago
This seems straightforward. I'd just assign the Sentinel Responder role to User1 - that should let them look into incidents without too much extra permission. Seems like the right balance for this scenario.
upvoted 0 times
...
Gretchen
25 days ago
Okay, I've got a plan. I'll review the Sentinel documentation to see which role would let User1 investigate incidents without giving them unnecessary admin access. Gotta be careful with that least privilege thing.
upvoted 0 times
...
Annmarie
1 month ago
Hmm, not sure about this one. Gotta make sure we follow the principle of least privilege, but I'm not totally clear on what all the Sentinel roles can do. Might need to do some research to find the right one.
upvoted 0 times
...
Laurena
1 month ago
I think I'd start by looking at the different Sentinel roles and their permissions. Seems like we need to give User1 the right level of access to investigate incidents without too much extra power.
upvoted 0 times
...
