Resource Level RBAC with Azure Arc in Log Analytics/Azure Sentinel: Scenario for SC-200 Exam
Question
In which of the following scenarios would you need Azure Arc to leverage resource level RBAC within Log Analytics/Azure Sentinel?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: B.
![> Monitor | Logs
Monitor | Logs
Microsoft
Search (Ctl)
® Overview
Activity log
HB Alerts
ii. Metrics
Logs
Service Health
Workbooks
Insights
Applications
'® Virtual Machines
Storage Accounts (preview)
Be Containers
Networks (preview)
® cosmos DB (preview)
+ More
Settings
BE Diagnostics settings
‘Support + Troubleshooting
© Usage and estimated costs
f Advisor recommendations
Select a scope
Browse Recent
Resource group Resource types
Locations
[Airesoures groups Y)] [Aresource pes
J] [attocatons
‘P_ Search to filter tems
Scope
> (@) secure-secore-demo
> (@) soar
V{@ s0e
SS 43yfaidjg7z62syslog
AgentHealthAssessment(CyberSecurityDemo)
6b Automate-2216484-CCA
AzureActivity(CyberSecurityDemo)
BehaviorAnaiyticsinsights(CyberSecurityDemo)
(8) BlockaApp
(5) BlockiP_BlockUser ServcieNow
(5) BlockiP_Notify!T
(4) BlockIP_PaloAlto
A Selected scopes No scopes selected
No results
Apply
Resource type
Resource group
Resource group
Resource group
Storage account
Location
Canada Central
Solution Canada Central
‘Automation Account Canada Central
Solution Canada Central
Solution Canada Central
Logie app Canada Central
Logie app West Central Us
Logie app West Central US
Logie app West Central US](https://eaeastus2.blob.core.windows.net/optimizedimages/static/images/Microsoft-Security-Operations-Analyst-(SC-200)/answer/imgsss3.png)
Reference:
Resource-based access control (RBAC) is a method used in Azure to regulate access to resources based on user roles and permissions. Azure Arc is a service that extends Azure management capabilities to resources outside of Azure, including on-premises and multi-cloud environments. Azure Sentinel and Log Analytics are two Azure services that provide security information and event management (SIEM) and log management capabilities, respectively.
Based on the options provided, the scenario in which Azure Arc is required to leverage resource level RBAC within Log Analytics/Azure Sentinel is option B: To apply RBAC to data which has come from on-prem resources within a table.
When data is ingested into Log Analytics or Azure Sentinel from on-premises resources, it is stored in a workspace within Azure. This workspace is managed by Azure Arc, and the resources from which the data originates are not managed by Azure. To apply RBAC to data from these resources, Azure Arc is required to extend Azure management capabilities to the on-premises resources. Azure Arc allows you to apply RBAC policies to these resources, which will also extend to the data that is ingested from these resources into Azure Sentinel or Log Analytics.
Option A is incorrect because if the table is outside of the tenant, RBAC cannot be applied using Azure Arc since it is not within the Azure ecosystem.
Option C is incorrect because if the data is from Azure resources, RBAC can be applied using the built-in Azure RBAC feature for those resources.
Option D is incorrect because applying RBAC to a table containing restricted data is not related to the use of Azure Arc. RBAC policies can be applied within Azure Sentinel or Log Analytics itself to restrict access to the data.