Which role should members of the TREY group be added?

DRAG DROP
You need to ensure that the alerting requirements are met.
To which role should members of the TREY group be added? To answer, drag the appropriate terms to the correct locations. Each term may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Correct Answer:

Explanation/Reference:
Explanation:
There are two specific Security Center RBAC roles:
Security Reader: A user that belongs to this role has viewing rights to Security Center. The user can view recommendations, alerts, a security policy, and security states, but cannot make changes.
Security Administrator: A user that belongs to this role has the same rights as the Security Reader and can also update the security policy and dismiss alerts and recommendations.
Scenario:
All employees of Trey Research are members of an Active Directory Domain Services (AD DS) group named TREY.
Only employees of Trey Research Inc. should be able to address automated security recommendations.
The solution has the following requirements for auditing, monitoring, and alerting:
Changes to administrative group membership must be auditable.
Operations involving encryption keys must be auditable by users in the Azure Key Vault Auditors user role.
Resources must have monitoring and alerting configured in Azure Security Center.
Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-permissions