Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-200 Exam - Topic 3 Question 105 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 105
Topic #: 3
[All SC-200 Questions]

You have an Azure subscription that contains a Microsoft Sentinel workspace named Workspace1 and a user named User1.

You need to ensure that User1 can investigate incidents by using Workspace1. The solution must follow the principle of least privilege.

Which role should you assign to User1?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Luisa at Jan 28, 2026, 09:07 PM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Nieves
3 days ago
Wait, is there a "Security Sleuth" role? That's what I'd choose!
upvoted 0 times
...
Ty
9 days ago
I'm feeling the Security Incident Responder vibe. Sounds like a good fit.
upvoted 0 times
...
Delsie
14 days ago
Security Responder, easy peasy. Gotta be able to investigate those incidents!
upvoted 0 times
...
Cecilia
19 days ago
Hmm, I'd go with Security Reader. Gotta keep that privilege low, you know?
upvoted 0 times
...
Haydee
24 days ago
Security Analyst should do the trick.
upvoted 0 times
...
Fidelia
29 days ago
I feel like the "Security Reader" role could work, but I need to double-check if it covers all the investigation capabilities in Sentinel.
upvoted 0 times
...
Mickie
2 months ago
I practiced a similar question where the least privilege principle was key. I believe "Microsoft Sentinel Contributor" might be too much access for just investigating.
upvoted 0 times
...
Lakeesha
2 months ago
I'm not entirely sure, but I remember something about the "Security Reader" role being relevant for investigations.
upvoted 0 times
...
Kattie
2 months ago
I think User1 might need the "Microsoft Sentinel Reader" role since it allows viewing incidents without giving too many permissions.
upvoted 0 times
...
Salome
2 months ago
This seems straightforward. I'd just assign the Sentinel Responder role to User1 - that should let them look into incidents without too much extra permission. Seems like the right balance for this scenario.
upvoted 0 times
...
Gretchen
2 months ago
Okay, I've got a plan. I'll review the Sentinel documentation to see which role would let User1 investigate incidents without giving them unnecessary admin access. Gotta be careful with that least privilege thing.
upvoted 0 times
...
Annmarie
3 months ago
Hmm, not sure about this one. Gotta make sure we follow the principle of least privilege, but I'm not totally clear on what all the Sentinel roles can do. Might need to do some research to find the right one.
upvoted 0 times
...
Laurena
3 months ago
I think I'd start by looking at the different Sentinel roles and their permissions. Seems like we need to give User1 the right level of access to investigate incidents without too much extra power.
upvoted 0 times
...

Save Cancel