
Answer-first summary for fast verification
Answer: the Azure Monitor agent, resource-based role-based access control (RBAC)
The correct answers are B and C. Here is the detailed explanation:

B. The Azure Monitor agent: The Azure Monitor agent can be used with a multi-homing configuration for on-premises servers that do not have direct internet access. This setup allows data collection and forwarding to Microsoft Sentinel, fulfilling the requirement that the security operations team can access both the security logs and the operation logs.

C. Resource-based role-based access control (RBAC): Implementing RBAC in Microsoft Sentinel allows fine-grained access control, ensuring that the security operations team can access both security logs and operation logs while limiting the IT operations team's access to the operation logs only, including event logs of the servers in the perimeter network.

The other options are not suitable:

A custom collector that uses the Log Analytics agent would require internet access directly from the on-premises servers, which is not allowed.

Azure AD Conditional Access policies do not provide the required granularity for log access control in this scenario.
Author: LeetQuiz Editorial Team
A customer operates in a hybrid cloud environment utilizing both a Microsoft 365 E5 subscription and an Azure subscription. The organization has implemented strict security measures to prevent all on-premises servers within the perimeter network from directly accessing the internet. After recovering from a ransomware attack, the customer intends to deploy Microsoft Sentinel to enhance their security monitoring capabilities. Your task is to recommend solutions that address the following objectives:
Which two solutions should you include in your recommendation? Each correct answer is worth one point, and both answers should independently fulfill the specified requirements.
A. a custom collector that uses the Log Analytics agent
B. the Azure Monitor agent
C. resource-based role-based access control (RBAC)
D. Azure Active Directory (Azure AD) Conditional Access policies