Free Microsoft SC-200 Security Operations Analyst Actual Exam Questions - Question 2 Discussion
named User1.
You need to ensure that User1 can manage Microsoft Defender XDR custom detection rules and
Endpoint security policies. The solution must follow the principle of least privilege.
Which role should you assign to User1?
C, because Security Administrator handles both detection rules and endpoint policies properly.
I’m thinking A might be off since Desktop Analytics Admin is more about analytics, not security rules. Could B be too limited if it mainly covers monitoring? Wondering if D grants more device control than security policy rights.
I’m ruling out D since Cloud Device Administrator is more about device management, not security policies or detection rules. So C looks like the best fit here for those tasks. C
Not B, because Security Operator mainly focuses on monitoring and alerts, not managing policies. C seems better as it includes permissions for both detection rules and endpoint security management.
This one’s tricky, but I’d go with B here. Security Operator lets users manage custom detection rules without the full admin rights of Security Administrator, which fits the least privilege rule better. Since the question emphasizes managing detection rules and endpoint policies, B seems to cover that without giving too much access. C feels a bit too broad if we want to stick strictly to least privilege. So yeah, B makes more sense to me as it balances control and minimal access.
B, because Security Operator can manage detection rules but with fewer privileges than Security Administrator.
C, IMO, because Security Administrator specifically manages security settings and policies, including Defender rules. D sounds like it’s more about device management than security policy creation. B is mostly for monitoring alerts, so it won’t cover rule creation. Since we want least privilege, C strikes a good balance by focusing on security features without giving full global admin rights.
D, it’s focused on endpoint device management, which fits policy control better.
C. Seems like Security Administrator fits since it covers managing detection rules and policies, but does it give too many rights beyond least privilege? Wondering if B or D might be more scoped.
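The thread argues about which role is narrowest without looking at what each role actually grants. The following is an added example (not part of the original question or any comment) that pulls the role definitions named above from Entra ID, shows which directory actions Security Administrator adds on top of Security Operator, and then assigns the chosen role to User1 and verifies the assignment. It assumes the Microsoft Graph PowerShell SDK (`Microsoft.Graph` module), an account permitted to manage role assignments, a placeholder UPN `user1@contoso.com`, and a placeholder `$chosenRole` that you replace with whatever role you conclude satisfies the question; the role display names are the ones the comments mention. It only compares Entra directory role definitions; it does not read Defender XDR's own unified RBAC roles, which can also grant rights in the Defender portal.

```powershell
# Added example, not code from the exam page. Assumes Microsoft.Graph module
# and an account that can manage directory role assignments.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'User.Read.All' -NoWelcome

# Return the granular resource actions a built-in Entra role allows.
function Get-RoleActions {
    param([Parameter(Mandatory)][string]$DisplayName)
    $def = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$DisplayName'"
    if (-not $def) { throw "Role '$DisplayName' not found in this tenant" }
    # Each RolePermissions entry carries AllowedResourceActions; flatten them.
    $def.RolePermissions | ForEach-Object { $_.AllowedResourceActions } | Sort-Object -Unique
}

# Roles discussed in the thread (A, Desktop Analytics Admin, is omitted here
# because its display name varies by tenant; add it if you want it compared).
$candidates = 'Security Operator', 'Security Administrator', 'Cloud Device Administrator'
$actionsByRole = @{}
foreach ($name in $candidates) {
    $actionsByRole[$name] = Get-RoleActions -DisplayName $name
    [pscustomobject]@{ Role = $name; AllowedActions = $actionsByRole[$name].Count }
}

# Least-privilege check: what does Security Administrator allow that
# Security Operator does not? Anything listed here is extra privilege you
# would be handing out if you pick C over B.
Write-Host "`nActions in Security Administrator but not in Security Operator:"
Compare-Object -ReferenceObject $actionsByRole['Security Operator'] `
               -DifferenceObject $actionsByRole['Security Administrator'] |
    Where-Object SideIndicator -eq '=>' |
    Select-Object -ExpandProperty InputObject

# Look specifically for actions touching the Microsoft 365 security surface,
# which is where Defender XDR settings are exposed at the directory level.
foreach ($name in $candidates) {
    $sec = $actionsByRole[$name] | Where-Object { $_ -like '*protectionCenter*' }
    Write-Host "`n$name - protectionCenter actions:"
    $sec | ForEach-Object { "  $_" }
}

# --- Assignment ---------------------------------------------------------
$upn        = 'user1@contoso.com'     # placeholder
$chosenRole = 'Security Operator'     # placeholder: substitute the role you settle on

$user = Get-MgUser -Filter "userPrincipalName eq '$upn'"
if (-not $user) { throw "User '$upn' not found" }
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$chosenRole'"

# Tenant-wide scope ('/'); narrow DirectoryScopeId to an administrative unit
# if the user only needs the role over a subset of objects.
$assignment = New-MgRoleManagementDirectoryRoleAssignment `
    -PrincipalId $user.Id -RoleDefinitionId $role.Id -DirectoryScopeId '/'
Write-Host "`nAssigned '$chosenRole' to $upn (assignment id $($assignment.Id))"

# Verify: list every active directory role the user now holds.
Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" `
    -ExpandProperty RoleDefinition |
    Select-Object @{ n = 'Role'; e = { $_.RoleDefinition.DisplayName } }, DirectoryScopeId
```

Run the comparison part first and read the set difference before you decide: if the only actions Security Administrator adds are ones User1 does not need for custom detections and endpoint policies, the narrower role is the least-privilege answer; if the narrower role lacks an action User1 needs, it is not. The second half is the actual assignment and should be run once, against the role you have justified.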