Question 118:
You are the SOC manager for Contoso Ltd., a large global organization with offices and operations in several jurisdictions. The organization runs a hybrid environment with both on-premises and cloud IT infrastructure that needs to be monitored for any security breaches. Contoso Ltd. uses Azure Sentinel as its SIEM solution.

As a part of your duties for Contoso Ltd., you run a large follow-the-sun SOC across several countries with hundreds of staff: Tier 1 analysts run the initial triage and basic incident resolution; Tier 2 analysts handle incidents escalated to them from Tier 1; and Tier 3 analysts are the most experienced analysts who take on the most complex cases that Tiers 1 and 2 haven’t been able to resolve. Sometimes, this involves the need for Tier 2 analysts to change the configuration of Azure Sentinel.

With this information in mind, how can you ensure that Tier 1 and Tier 2 SOC analysts cannot change the data sources that are connected to Azure Sentinel and that only Tier 3 analysts have access to do this? Define roles for Tier 1, Tier 2 and Tier 3 analysts.
Answer options:
A. Tier 1: Azure Sentinel Automation Contributor; Tier 2: Azure Sentinel Responder; Tier 3: Azure Sentinel Responder
B. Tier 1: Azure Sentinel Reader; Tier 2: Global Reader; Tier 3: Azure Sentinel Responder
C. Tier 1: Azure Sentinel Contributor; Tier 2: Azure Sentinel Responder; Tier 3: Azure Sentinel Contributor
D. Tier 1: Azure Sentinel Responder; Tier 2: Azure Sentinel Responder; Tier 3: Azure Sentinel Contributor