Scenario for Leveraging Resource Level RBAC with Azure Arc in Log Analytics/Azure Sentinel

Resource Level RBAC with Azure Arc in Log Analytics/Azure Sentinel: Scenario for SC-200 Exam

Prev Question Next Question

Question

In which of the following scenarios would you need Azure Arc to leverage resource level RBAC within Log Analytics/Azure Sentinel?

Answers

A. To apply RBAC to a table which sits in a workspace outside of my tenant.

B. To apply RBAC to data which has come from on prem resources within a table.

C. To apply RBAC to data from Azure resources (such as Azure VMs) within a table.

D. To apply RBAC to a table containing restricted data.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: B.

$> Monitor | Logs Monitor | Logs Microsoft Search (Ctl) ® Overview Activity log HB Alerts ii. Metrics Logs Service Health Workbooks Insights Applications '® Virtual Machines Storage Accounts (preview) Be Containers Networks (preview) ® cosmos DB (preview) + More Settings BE Diagnostics settings ‘Support + Troubleshooting © Usage and estimated costs f Advisor recommendations Select a scope Browse Recent Resource group Resource types Locations [Airesoures groups Y)] [Aresource pes J] [attocatons ‘P_ Search to filter tems Scope > (@) secure-secore-demo > (@) soar V{@ s0e SS 43yfaidjg7z62syslog AgentHealthAssessment(CyberSecurityDemo) 6b Automate-2216484-CCA AzureActivity(CyberSecurityDemo) BehaviorAnaiyticsinsights(CyberSecurityDemo) (8) BlockaApp (5) BlockiP_BlockUser ServcieNow (5) BlockiP_Notify!T (4) BlockIP_PaloAlto A Selected scopes No scopes selected No results Apply Resource type Resource group Resource group Resource group Storage account Location Canada Central Solution Canada Central ‘Automation Account Canada Central Solution Canada Central Solution Canada Central Logie app Canada Central Logie app West Central Us Logie app West Central US Logie app West Central US$

Reference:

Resource-based access control (RBAC) is a method used in Azure to regulate access to resources based on user roles and permissions. Azure Arc is a service that extends Azure management capabilities to resources outside of Azure, including on-premises and multi-cloud environments. Azure Sentinel and Log Analytics are two Azure services that provide security information and event management (SIEM) and log management capabilities, respectively.

Based on the options provided, the scenario in which Azure Arc is required to leverage resource level RBAC within Log Analytics/Azure Sentinel is option B: To apply RBAC to data which has come from on-prem resources within a table.

When data is ingested into Log Analytics or Azure Sentinel from on-premises resources, it is stored in a workspace within Azure. This workspace is managed by Azure Arc, and the resources from which the data originates are not managed by Azure. To apply RBAC to data from these resources, Azure Arc is required to extend Azure management capabilities to the on-premises resources. Azure Arc allows you to apply RBAC policies to these resources, which will also extend to the data that is ingested from these resources into Azure Sentinel or Log Analytics.

Option A is incorrect because if the table is outside of the tenant, RBAC cannot be applied using Azure Arc since it is not within the Azure ecosystem.

Option C is incorrect because if the data is from Azure resources, RBAC can be applied using the built-in Azure RBAC feature for those resources.

Option D is incorrect because applying RBAC to a table containing restricted data is not related to the use of Azure Arc. RBAC policies can be applied within Azure Sentinel or Log Analytics itself to restrict access to the data.

Prev Question Next Question