IT Certification exam information exchange, brain dumps discussions sharing.
You are not logged in. Please login or register.
Share Test → Microsoft Certifications → Microsoft SC-200 topic 9 question 4
You need to assign a role-based access control (RBAC) role to admin1 to meet the Azure Sentinel requirements and the business requirements.
Which role should you assign?
A.
Automation Operator
B.
Automation Runbook Operator
C.
Azure Sentinel Contributor
D.
Azure Sentinel Responder
Azure Sentinel Contributor is the only provided correct role. If "Log Analytics Contributor" or "Microsoft Sentinel Automation Contributor" they would be better suited to meet the business requirement for least privilege.
Contributor: "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries." Ref https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor
Correction: "Logic App Contributor" instead of "Log Analytics Contributor"
No correct Answer - https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#microsoft-sentinel-automation-contributor
So we agree there is no correct answer? Since you need Logic App Contributor to configure(edit) playbooks.
Correct option
Correct Answer missing. Log App Contributor.
contributor, it doesn't say he needs to create the playbook, just link it.
no it doesn't. It says he needs to CONFIGURE playbooks. I'd interpret that as actually creating, editing, updating the playbook rather than just linking it.
Logic App Contributor is the correct answer but missing from the list.
admin1 should be assigned the Azure Sentinel Contributor role. This role provides access to the Azure Sentinel workspace and allows the user to perform tasks such as creating incidents, hunting for threats, and managing data connectors. The Automation Operator and Automation Runbook Operator roles are related to Azure Automation, which is not relevant to the current requirements. The Azure Sentinel Responder role is also related to Azure Sentinel, but it has more limited capabilities compared to the Azure Sentinel Contributor role, as it only allows the user to manage incidents and execute response actions.
Vote C Azure Sentinel Contributor, because it is at least 50% there whereas the rest are not even close.
The below link describes that if you were to give someone Azure Sentinel Contributor(50%) and Logic App Contributor(Other 50%) they can create and run playbooks.
https://learn.microsoft.com/en-us/azure/sentinel/roles#microsoft-sentinel-roles-permissions-and-allowed-actions
Requirement is "configure Azure Sentinel playbooks" not just assign to automation rule. So, answer C is correct
Not Really ...
See here https://learn.microsoft.com/en-us/azure/sentinel/roles
Microsoft Sentinel Contributor can, in addition to the above, install and update solutions from content hub, create and edit workbooks, analytics rules, and other Microsoft Sentinel resources.
Share Test → Microsoft Certifications → Microsoft SC-200 topic 9 question 4
Note: This forum is a platform for users to share insights and discuss exam-related topics. We do not provide authentic exam questions or answers. The content here is contributed by community members and is meant for collaborative learning and discussion purposes only. Users are encouraged to refer to official sources for accurate exam materials.