Microsoft Security Operations Analyst — Question 93
You have an Azure subscription that has the enhanced security features in Microsoft Defender for Cloud enabled and contains a user named User1.
You need to ensure that User1 can export alert data from Defender for Cloud. The solution must use the principle of least privilege.
Which role should you assign to User1?
Answer options
- A. User Access Administrator
- B. Owner
- C. Contributor
- D. Reader
Correct answer: D
Explanation
The Reader role grants User1 the ability to view alert data without allowing modifications, thus upholding the principle of least privilege. The other roles, such as Owner and Contributor, provide more access than necessary, enabling changes that are not required for exporting alert data.