Correct Answers: A and C Group A: Responder (Option a is the correct answer)
Group B: Sentinel Automation Contributor (Option c is the correct answer)
You should assign the Responder role to Group A. This role gives the user permission to manage incidents in Azure Sentinel (like assigning users for incidents, dismissing alerts, etc.) and to view several Azure Sentinel resources, including reports, incidents, and workbooks. This role also gives permission to replace Tags of Threat Intelligence Indicator. This role does not give permission to add playbooks to automation rules. Threat Intelligence Indicator is a cloud-based solution used within companies to analyze and act upon threat activities.
You should assign the Azure Sentinel Automation Contributor role to Group
B. In addition to viewing Azure Sentinel resources, managing incidents, and working with workbooks, this role allows Azure Sentinel to add playbooks to automation rules. This meets the scenario requirement.
You should not assign the Reader role to either group. This role gives a user permission to view incidents in Azure Sentinel, but not the permission to replace tags of Threat Intelligence Indicator or to add playbooks to automation rules as required in the scenario.
You should not assign the Security Assessment Contributor role to either of the groups. This role gives permission to create security assessments on the company’s Azure Sentinel subscription, which is useful for knowing if another subscription of Azure Sentinel is needed. This role does not give the permission to replace tags of Threat Intelligence Indicator or to add playbooks to automation rules as required in the scenario.
References:
https://docs.microsoft.com/en-us/azure/sentinel/roles
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles