Exam SC-200 topic 3 question 84 discussion

Actual exam question from Microsoft's SC-200
Question #: 84
Topic #: 3

DRAG DROP

Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant.

You have a Microsoft Sentinel workspace named Sentinel1.

You need to enable User and Entity Behavior Analytics (UEBA) for Sentinel1 and collect security events from the AD DS domain.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Suggested Answer:

Comments

mali1969
Highly Voted 1 year, 7 months ago
For Sentinel1, configure the Microsoft Defender for Identity connector. This will allow you to sync user entities from on-premises Active Directory, using Microsoft Defender for Identity.
To the AD DS domain, deploy Microsoft Defender for Identity. You need to install the MDI sensor on your Active Directory domain controller to enable UEBA to collect security events from your on-premises AD DS domain.
For Sentinel1, enable UEBA. You need to switch the toggle to On and select the data sources on which you want to enable UEBA.
upvoted 9 times
Phil_79
1 year, 7 months ago
Shouldn't you deploy MDI before connecting it to Sentinel?
upvoted 3 times
danb67
1 year, 6 months ago
Yes, I have deployed this many times. No point doing the connector before the sensor. Answer is correct.
upvoted 5 times
ApexPredator84
Highly Voted 1 year, 4 months ago
In the exam on 21/12/2023
upvoted 6 times
12369b6
Most Recent 6 months ago
To enable User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel and collect security events from the on-premises AD DS domain, the following steps should be performed in sequence:
1. To the AD DS domain, deploy Microsoft Defender for Identity. This step is necessary to monitor and collect security events from the on-premises AD DS domain.
2. For Sentinel1, configure the Microsoft Defender for Identity connector. Once Microsoft Defender for Identity is deployed, you need to connect it to Sentinel1 to start collecting data.
3. For Sentinel1, enable UEBA. After setting up the data collection, you can enable UEBA in Sentinel1 to analyze user and entity behavior.
upvoted 1 times
user636
8 months, 1 week ago
The answer is correct: Deploy MDI to the on-premises Active Directory Domain Services (AD DS) domain, then configure Sentinel for UEBA.
Ref: https://learn.microsoft.com/en-us/azure/sentinel/enable-entity-behavior-analytics?tabs=defender#how-to-enable-user-and-entity-behavior-analytics
In the article above, check step 3. It states: "To sync user entities from on-premises Active Directory, your Azure tenant must be onboarded to Microsoft Defender for Identity (either standalone or as part of Microsoft Defender XDR) and you must have the MDI sensor installed on your Active Directory domain controller." It seems the answer provided is correct.
upvoted 1 times
chepeerick
1 year, 6 months ago
Correct option
upvoted 4 times