Microsoft Cybersecurity Architect Expert SC-100
Get started today
Ultimate access to all questions.
You are in the process of defining the security requirements for your organization’s Azure Cosmos DB Core (SQL) API accounts. Part of this task involves ensuring that you can effectively audit all user access to the data within these Cosmos DB accounts. To achieve this, you need to identify and suggest specific configurations that would enable comprehensive auditing. Which two configurations should you include in your recommendation? Each correct answer forms a component of the overall solution. NOTE: Each correct selection is worth one point.
You are in the process of defining the security requirements for your organization’s Azure Cosmos DB Core (SQL) API accounts. Part of this task involves ensuring that you can effectively audit all user access to the data within these Cosmos DB accounts. To achieve this, you need to identify and suggest specific configurations that would enable comprehensive auditing. Which two configurations should you include in your recommendation? Each correct answer forms a component of the overall solution. NOTE: Each correct selection is worth one point.
Explanation:
To audit all users that access the data in the Azure Cosmos DB accounts, you should include the following configurations:
-
Send the Azure Active Directory (Azure AD) sign-in logs to a Log Analytics workspace: This allows for tracking and auditing user sign-in activity, helping to identify who accessed the Cosmos DB.
-
Disable local authentication for Azure Cosmos DB: This enforces that only Azure AD identities are used for authentication, making it easier to audit and ensuring that all identities are tracked consistently through RBAC (Role-Based Access Control).
These configurations together ensure a comprehensive audit trail of user activity in Azure Cosmos DB by leveraging Azure AD's logging capabilities and eliminating alternate authentication methods which could complicate the audit process.