🔥 3-day streak
Microsoft Security Operations Analyst189 / 190
Question 189 of 190

Your SOC uses Microsoft Sentinel. A newly hired junior analyst must be able to view incidents, run KQL queries, and manage (assign, change status, add comments) incidents in the Sentinel workspace. However, company policy states this analyst must NOT be able to create or modify analytics rules, edit playbooks, or run playbooks manually. Which single built-in Azure role should you assign to satisfy least privilege?

Reviewed for accuracy · Report an issueNext question