Free Microsoft SC-401 Actual Exam Questions - Question 12 Discussion

Question No. 12
You have a Microsoft 365 E5 subscription that contains a user named User1. You deploy Microsoft
Purview Data Security Posture Management for AD (DSPM for AD). You need to ensure that User1
can verify the auditing status of the subscription. The solution must follow the principle of least
privilege. To which role group should you add User1?
Ahmed K.
2026-02-20

D imo, the View-Only Organization Management role is mostly tied to Exchange Online and wouldn’t cover auditing status across Microsoft Purview. Insider Risk roles (A and C) focus on risk investigations, which seems overkill and unrelated. B makes sense because Security Reader is designed for read-only access to security features, which would logically include auditing status. So, I’d skip the others since they either grant too many privileges or don’t fit the auditing context.

0
Sarah S.
2026-02-16

Option B makes the most sense since it’s designed for security-related read-only access across the tenant, which should include auditing info. The Exchange role is too narrow and risk roles are unrelated here.

0
Sarah S.
2026-02-11

It’s B. The Insider Risk roles (A and C) focus on risk investigations and aren’t relevant for just checking audit status. The Exchange Online role (D) is too specific to Exchange and doesn’t cover overall security posture or auditing in DSPM for AD. Security Reader (B) is designed exactly for read-only access to security-related info, so User1 can verify auditing without extra permissions. This fits the principle of least privilege perfectly, since they get only the visibility needed without any ability to modify settings.

0
Ahmed X.
2026-01-20

It’s B for sure. The Security Reader role lets User1 see auditing details without any edit rights, which fits the least privilege rule perfectly. The other roles are way too broad or unrelated.

0
Ahmed X.
2026-01-19

B imo, because User1 just needs to view auditing info without making changes. A or C sound more about managing insider risks, which is more than needed.

0
Chris Z.
2026-01-15

B, only lets you read security info without extra permissions.

0
Usman E.
2026-01-15

B imo

0