Microsoft 365 Security Administration — Question 96
You have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and a Microsoft Office 365 connector.
You need to assign built-in role-based access control (RBAC) roles to achieve the following tasks:
- Create and run playbooks.
- Manage incidents.
The solution must use the principle of least privilege.
Which two roles should you assign? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer options
- A. Automation Operator
- B. Azure Sentinel responder
- C. Automation Runbook Operator
- D. Azure Sentinel contributor
- E. Logic App contributor
Correct answer: D, E
Explanation
The Azure Sentinel contributor role allows users to manage incidents and configure playbooks, aligning with the tasks required. The Logic App contributor role is necessary for creating and running playbooks, which is also part of the solution. The other roles do not provide the necessary permissions for both creating playbooks and managing incidents.