Scenario for Leveraging Resource Level RBAC with Azure Arc in Log Analytics/Azure Sentinel

Resource Level RBAC with Azure Arc in Log Analytics/Azure Sentinel: Scenario for SC-200 Exam

Question

In which of the following scenarios would you need Azure Arc to leverage resource level RBAC within Log Analytics/Azure Sentinel?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: B.

> Monitor | Logs

Monitor | Logs

Microsoft

Search (Ctl)

® Overview

Activity log
HB Alerts
ii. Metrics

Logs

Service Health

Workbooks

Insights
Applications

'® Virtual Machines

Storage Accounts (preview)
Be Containers

Networks (preview)
® cosmos DB (preview)

+ More

Settings

BE Diagnostics settings

‘Support + Troubleshooting
© Usage and estimated costs

f Advisor recommendations

Select a scope

Browse Recent

Resource group Resource types

Locations

[Airesoures groups Y)] [Aresource pes

J] [attocatons

‘P_ Search to filter tems

Scope

> (@) secure-secore-demo
> (@) soar
V{@ s0e
SS 43yfaidjg7z62syslog
AgentHealthAssessment(CyberSecurityDemo)
6b Automate-2216484-CCA
AzureActivity(CyberSecurityDemo)
BehaviorAnaiyticsinsights(CyberSecurityDemo)
(8) BlockaApp
(5) BlockiP_BlockUser ServcieNow
(5) BlockiP_Notify!T

(4) BlockIP_PaloAlto

A Selected scopes No scopes selected

No results

Apply

Resource type

Resource group
Resource group
Resource group

Storage account

Location

Canada Central

Solution Canada Central
‘Automation Account Canada Central
Solution Canada Central
Solution Canada Central
Logie app Canada Central
Logie app West Central Us
Logie app West Central US
Logie app West Central US

Reference:

Resource-based access control (RBAC) is a method used in Azure to regulate access to resources based on user roles and permissions. Azure Arc is a service that extends Azure management capabilities to resources outside of Azure, including on-premises and multi-cloud environments. Azure Sentinel and Log Analytics are two Azure services that provide security information and event management (SIEM) and log management capabilities, respectively.

Based on the options provided, the scenario in which Azure Arc is required to leverage resource level RBAC within Log Analytics/Azure Sentinel is option B: To apply RBAC to data which has come from on-prem resources within a table.

When data is ingested into Log Analytics or Azure Sentinel from on-premises resources, it is stored in a workspace within Azure. This workspace is managed by Azure Arc, and the resources from which the data originates are not managed by Azure. To apply RBAC to data from these resources, Azure Arc is required to extend Azure management capabilities to the on-premises resources. Azure Arc allows you to apply RBAC policies to these resources, which will also extend to the data that is ingested from these resources into Azure Sentinel or Log Analytics.

Option A is incorrect because if the table is outside of the tenant, RBAC cannot be applied using Azure Arc since it is not within the Azure ecosystem.

Option C is incorrect because if the data is from Azure resources, RBAC can be applied using the built-in Azure RBAC feature for those resources.

Option D is incorrect because applying RBAC to a table containing restricted data is not related to the use of Azure Arc. RBAC policies can be applied within Azure Sentinel or Log Analytics itself to restrict access to the data.