Exam SC-100 topic 1 question 16 discussion

Actual exam question from Microsoft's SC-100
Question #: 16
Topic #: 1

A customer has a hybrid cloud infrastructure that contains a Microsoft 365 E5 subscription and an Azure subscription.
All on-premises servers in the perimeter network are prevented from connecting directly to the internet.
The customer recently recovered from a ransomware attack.
The customer plans to deploy Microsoft Sentinel.
You need to recommend solutions to meet the following requirements:
✑ Ensure that the security operations team can access the security logs and the operation logs.
✑ Ensure that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network.
Which two solutions should you include in the recommendation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

  • A. a custom collector that uses the Log Analytics agent
  • B. the Azure Monitor agent
  • C. resource-based role-based access control (RBAC)
  • D. Azure Active Directory (Azure AD) Conditional Access policies
Suggested Answer: BC
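The two suggested answers rest on two separate mechanisms: Azure Monitor agent multi-homing (one agent, one data collection rule, events routed per stream to more than one Log Analytics workspace) and resource-context RBAC (a reader role on the servers rather than on the workspace, which shows a principal only the rows whose _ResourceId falls under that scope). The following Python is an added example written for this page, not code from the exam, from Microsoft, or from any commenter. The DCR dict is a simplified sketch of a rule's destinations and dataFlows sections (no dataSources or XPath queries, and none of the real schema's validation), and the subscription, workspace and server resource IDs, the sample events and the two principals are all constructed.

```python
from __future__ import annotations
from dataclasses import dataclass

# All resource IDs below are constructed for this example.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
SECOPS_WS = SUB + "/resourceGroups/rg-secops/providers/Microsoft.OperationalInsights/workspaces/law-sentinel"
ITOPS_WS = SUB + "/resourceGroups/rg-itops/providers/Microsoft.OperationalInsights/workspaces/law-ops"
RG_DMZ = SUB + "/resourceGroups/rg-dmz"
DMZ_WEB01 = RG_DMZ + "/providers/Microsoft.HybridCompute/machines/dmz-web01"
DMZ_WEB02 = RG_DMZ + "/providers/Microsoft.HybridCompute/machines/dmz-web02"
CORP_DC01 = SUB + "/resourceGroups/rg-corp/providers/Microsoft.HybridCompute/machines/corp-dc01"

# Which DCR stream a Windows event log channel lands in: the Security channel
# feeds the SecurityEvent table, the other channels feed the Event table.
CHANNEL_STREAM = {
    "Security": "Microsoft-SecurityEvent",
    "System": "Microsoft-Event",
    "Application": "Microsoft-Event",
}


def build_multihome_dcr(secops_ws: str, itops_ws: str) -> dict:
    """Simplified DCR sketch: two Log Analytics destinations, per-stream flows."""
    return {
        "destinations": {
            "logAnalytics": [
                {"name": "secops", "workspaceResourceId": secops_ws},
                {"name": "itops", "workspaceResourceId": itops_ws},
            ]
        },
        "dataFlows": [
            # Security events go to the Sentinel workspace only.
            {"streams": ["Microsoft-SecurityEvent"], "destinations": ["secops"]},
            # Operational events go to both teams' workspaces.
            {"streams": ["Microsoft-Event"], "destinations": ["secops"]},
            {"streams": ["Microsoft-Event"], "destinations": ["itops"]},
        ],
    }


def route_channel(dcr: dict, channel: str) -> set[str]:
    """Workspace resource IDs that receive events from one event log channel."""
    stream = CHANNEL_STREAM.get(channel)
    if stream is None:
        return set()  # channel is not collected by this DCR at all
    ws_by_name = {d["name"]: d["workspaceResourceId"]
                  for d in dcr["destinations"]["logAnalytics"]}
    return {ws_by_name[name]
            for flow in dcr["dataFlows"] if stream in flow["streams"]
            for name in flow["destinations"]}


def ingest(dcr: dict, events: list[dict]) -> dict[str, list[dict]]:
    """Apply the DCR routing to events; returns the rows stored per workspace."""
    stores: dict[str, list[dict]] = {}
    for ev in events:
        for ws in route_channel(dcr, ev["Channel"]):
            stores.setdefault(ws, []).append(ev)
    return stores


@dataclass(frozen=True)
class Principal:
    name: str
    # Scopes on which the principal holds a reader role: the workspace itself
    # (workspace context) or servers / resource groups (resource context).
    reader_scopes: tuple[str, ...]


def visible_rows(rows: list[dict], who: Principal, workspace_id: str) -> list[dict]:
    """Model of a workspace set to 'use resource or workspace permissions'.

    Workspace-context readers see every row. Resource-context readers see a
    row only if its _ResourceId is at or under one of their scopes; rows with
    no _ResourceId (for example Microsoft 365 connector data) are never shown.
    """
    scopes = [s.lower() for s in who.reader_scopes]
    if workspace_id.lower() in scopes:
        return list(rows)
    out = []
    for row in rows:
        rid = (row.get("_ResourceId") or "").lower()
        if rid and any(rid == s or rid.startswith(s + "/") for s in scopes):
            out.append(row)
    return out


# Constructed sample events from three Arc-enabled servers, two in the DMZ.
SAMPLE_EVENTS = [
    {"Computer": "dmz-web01", "Channel": "Security", "EventID": 4625, "_ResourceId": DMZ_WEB01},
    {"Computer": "dmz-web01", "Channel": "System", "EventID": 7036, "_ResourceId": DMZ_WEB01},
    {"Computer": "dmz-web02", "Channel": "Application", "EventID": 1000, "_ResourceId": DMZ_WEB02},
    {"Computer": "corp-dc01", "Channel": "System", "EventID": 6005, "_ResourceId": CORP_DC01},
]
SECOPS = Principal("secops", (SECOPS_WS,))   # reader on the Sentinel workspace
ITOPS = Principal("itops", (RG_DMZ,))        # reader on the DMZ resource group only

if __name__ == "__main__":
    stores = ingest(build_multihome_dcr(SECOPS_WS, ITOPS_WS), SAMPLE_EVENTS)
    print("SecOps rows in Sentinel workspace:", len(visible_rows(stores[SECOPS_WS], SECOPS, SECOPS_WS)))
    print("IT ops rows in ops workspace:",
          [r["Computer"] for r in visible_rows(stores[ITOPS_WS], ITOPS, ITOPS_WS)])
    print("IT ops rows in Sentinel workspace:",
          [(r["Computer"], r["Channel"]) for r in visible_rows(stores[SECOPS_WS], ITOPS, SECOPS_WS)])
```

Running it shows why the two answers complement each other rather than each doing the whole job: resource-context RBAC filters by resource, not by table, so if the IT operations team were granted resource-context access to the Sentinel workspace they would still see the Security events of the DMZ servers they own (the third print). It is the multi-homed routing that keeps Security events out of the ops workspace, and resource-context RBAC that then limits the ops team to their own servers (and hides rows with no _ResourceId, such as Microsoft 365 data). Note also that the model assumes the workspace access control mode is "use resource or workspace permissions"; in "require workspace permissions" mode the resource-context path does not exist.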

Comments

PlumpyTumbler
Highly Voted 2 years, 2 months ago
These answer options have been abridged. Other dumps say:
A. Create a custom collector that uses the Log Analytics agent.
B. Use the Azure Monitor agent with the multi-homing configuration.
C. Implement resource-based role-based access control (RBAC) in Microsoft Sentinel.
D. Configure Azure Active Directory (Azure AD) Conditional Access policies.
upvoted 22 times
PlumpyTumbler
2 years, 2 months ago
Given the expanded answers, B and C are the clear best choices.
B - this use case is spelled out in exact detail. This must be the exact wording that the question was created from: https://docs.microsoft.com/en-us/azure/sentinel/best-practices-data#on-premises-windows-log-collection
C - https://docs.microsoft.com/en-us/azure/sentinel/resource-context-rbac#scenarios-for-resource-context-rbac
upvoted 19 times
JakeCallham
2 years, 1 month ago
The link for B also states this: "Servers do not connect to the internet: Use the Log Analytics gateway. Configuring a proxy to your agent requires extra firewall rules to allow the gateway to work."
upvoted 3 times
Gurulee
1 year, 7 months ago
"The Log Analytics gateway supports: Windows computers on which either the Azure Monitor Agent or the legacy Microsoft Monitoring Agent is directly connected to a Log Analytics workspace in Azure Monitor. Both the source and the gateway server must be running the same agent. You can't stream events from a server running Azure Monitor agent through a server running the gateway with the Log Analytics agent."
upvoted 2 times
Sorrynotsorry
Highly Voted 2 years, 2 months ago
Selected Answer: BC
I agree with B & C after the expanded version of the answers.
upvoted 16 times
AleFerrillo
Most Recent 2 months, 1 week ago
Selected Answer: BC
Custom collector is for when sources are APIs / 3rd parties / apps -> not A.
upvoted 1 times
JAGUDERO
7 months, 1 week ago
To meet the specified requirements for the customer's hybrid cloud infrastructure, the two solutions that should be included in the recommendation are:
A. Custom Collector with Log Analytics Agent: This solution can collect security and operation logs from on-premises servers and send them to Microsoft Sentinel. The custom collector can be configured to ensure that the security operations team has access to both security and operation logs.
C. Resource-Based RBAC: This allows for fine-grained access control. By implementing RBAC, you can ensure that the security operations team has access to security logs and operation logs, while the IT operations team has access only to the operation logs.
Solutions B and D are not complete solutions for the requirements stated. The Azure Monitor agent (B) is primarily for data collection and doesn't provide access control, while Azure AD Conditional Access policies (D) are used for managing access based on conditions and do not directly control log access.
upvoted 3 times
JHJ44
7 months, 1 week ago
A/C
Custom Collector with Log Analytics Agent: Deploy a custom collector that utilizes the Log Analytics agent. This agent allows you to collect security logs and operation logs from various sources, including on-premises servers. By configuring custom collectors, the security operations team can access both security logs and operation logs.
Resource-Based Role-Based Access Control (RBAC): Utilize Azure RBAC to create and assign roles within your security operations team. Assign appropriate roles to grant access to Microsoft Sentinel resources. For the IT operations team, assign roles that provide access only to operation logs (such as event logs from servers in the perimeter network). By fine-tuning RBAC, you ensure that each team has the necessary access without compromising security.
upvoted 1 times
Murtuza
10 months, 3 weeks ago
"Requires splitting operation and security logs: Use the Microsoft Monitoring Agent or Azure Monitor Agent multi-home functionality."
upvoted 2 times
Azerty1313
11 months, 2 weeks ago
Really don't get the point of B. Why? It all depends on how you read the question. There is a need for 2 different teams to see the logs -> RBAC. The second part is only from the perimeter. I read this as the operations people needing to be at a certain place before they can read it -> Conditional Access. So I would go for C & D.
upvoted 1 times
Azerty1313
11 months, 2 weeks ago
Reading it again, it will probably be the servers in the perimeter network.
upvoted 1 times
BlackZeros
1 year, 4 months ago
The actual multiple-choice answers did not make much sense until Plumpy pointed out the full wording.
upvoted 4 times
Ario
1 year, 4 months ago
A and B
upvoted 1 times
Ario
1 year, 4 months ago
Was a typo: A and C.
upvoted 1 times
imsidrai
1 year, 4 months ago
What is resource-based access control?? It's role-based access control.
upvoted 1 times
Avanade2023
1 year, 5 months ago
I am sorry, maybe my understanding is wrong. Why is B an answer, like C, as a complete solution? The question's condition is "Each correct answer presents a complete solution". I think that the Azure Monitor agent is needed of course, but it is for collecting the log data; it doesn't meet the solution's requirement to control access. If the question's condition were "Each correct answer presents part of the solution", I would agree with B & C.
upvoted 1 times
zellck
1 year, 6 months ago
Selected Answer: AC
AC is the answer.
https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources#custom-logs
"For some data sources, you can collect logs as files on Windows or Linux computers using the Log Analytics custom log collection agent."
https://learn.microsoft.com/en-us/azure/sentinel/resource-context-rbac
"Typically, users who have access to a Microsoft Sentinel workspace also have access to all the workspace data, including security content. Administrators can use Azure roles to configure access to specific features in Microsoft Sentinel, depending on the access requirements in their team."
upvoted 2 times
AJ2021
1 year, 8 months ago
Selected Answer: BC
B: Tricky one. No internet on the on-premises servers, so you need to use the Log Analytics gateway in Azure Monitor. https://learn.microsoft.com/en-us/azure/azure-monitor/agents/gateway
C: RBAC
upvoted 3 times
God2029
1 year, 9 months ago
The legacy Log Analytics agent will be deprecated by August 2024; Microsoft recommends migrating to / using the Azure Monitor Agent. So if both the Log Analytics agent and the Azure Monitor Agent are there in the answers, choose the latter.
upvoted 6 times
rmafnc
1 year, 9 months ago
A. a custom collector that uses the Log Analytics agent
C. resource-based role-based access control (RBAC)
upvoted 2 times
awssecuritynewbie
1 year, 9 months ago
I agree with the answers, but the explanation is very poor. I would really improve on that.
upvoted 1 times
hpl1908
1 year, 9 months ago
Selected Answer: AC
A & C are the right answer.
upvoted 2 times
hpl1908
1 year, 9 months ago
To meet the requirements of ensuring that the security operations team can access the security logs and the operation logs, and ensuring that the IT operations team can access only the operations logs, including the event logs of the servers in the perimeter network, you can recommend the following solutions:
A. A custom collector that uses the Log Analytics agent - this will allow you to collect security logs and operation logs from on-premises servers and Microsoft 365, and send the logs to Microsoft Sentinel.
C. Resource-based role-based access control (RBAC) - this will allow you to assign specific access permissions to different teams based on the resources they need to access. For example, you can assign the security operations team access to both the security logs and the operation logs, and assign the IT operations team access only to the operation logs, including the event logs of the servers in the perimeter network.
upvoted 1 times
Fal991l
1 year, 8 months ago
That's from ChatGPT.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other