You have a hybrid deployment of Azure Active Directory (Azure AD) that contains two users named User1 and User2. You need to assign Role Based Access Control (RBAC) roles to User1 and User2 to meet the following requirements: ✑ Use the principle of least privilege. ✑ Enable User1 to view sync errors by using Azure AD Connect Health. ✑ Enable User2 to configure Azure Active Directory Connect Health Settings. Which…

QuestionsCategory: MS-500You have a hybrid deployment of Azure Active Directory (Azure AD) that contains two users named User1 and User2. You need to assign Role Based Access Control (RBAC) roles to User1 and User2 to meet the following requirements: ✑ Use the principle of least privilege. ✑ Enable User1 to view sync errors by using Azure AD Connect Health. ✑ Enable User2 to configure Azure Active Directory Connect Health Settings. Which…
Admin Staff asked 4 months ago
You have a hybrid deployment of Azure Active Directory (Azure AD) that contains two users named User1 and User2.
You need to assign Role Based Access Control (RBAC) roles to User1 and User2 to meet the following requirements:
✑ Use the principle of least privilege.
✑ Enable User1 to view sync errors by using Azure AD Connect Health.
✑ Enable User2 to configure Azure Active Directory Connect Health Settings.
Which two roles should you assign? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. The Monitoring Reader role in Azure AD Connect Health to User1

B. The Security reader role in Azure AD to User1

C. The Reports reader role in Azure AD to User1

D. The Contributor role in Azure AD Connect Health to User2

E. The Monitoring Contributor role in Azure AD Connect Health to User2

F. The Security operator role in Azure AD to User2




 

Suggested Answer: AE

A: The Monitoring Reader can read all monitoring data (metrics, logs, etc.).
Note: Assign the Monitoring reader role to the Azure Active Directory application on the subscription, resource group or resource you want to monitor.
E: Monitoring Contributor can read all monitoring data and edit monitoring settings.
Incorrect:
Not B: Security Reader can view permissions for Security Center. Can view recommendations, alerts, a security policy, and security states, but cannot make changes
Not D: Contributor grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

This question is in MS-500 Microsoft 365 Security Administration Exam
For getting Microsoft Certified: Security, Compliance, and Identity Fundamentals Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft. 
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.

Recommended

Welcome Back!

Login to your account below

Create New Account!

Fill the forms below to register

Retrieve your password

Please enter your username or email address to reset your password.