Exam SC-200 topic 3 question 92 discussion

Actual exam question from Microsoft's SC-200
Question #: 92
Topic #: 3

HOTSPOT

You have an Azure subscription that is linked to a hybrid Azure AD tenant and contains a Microsoft Sentinel workspace named Sentinel1.

You need to enable User and Entity Behavior Analytics (UEBA) for Sentinel and configure UEBA to use data collected from Active Directory Domain Services (AD DS).

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

danb67
Highly Voted 1 year, 7 months ago
I think the answer looks correct. https://learn.microsoft.com/en-us/azure/sentinel/enable-entity-behavior-analytics To sync user entities from on-premises Active Directory, your Azure tenant must be onboarded to Microsoft Defender for Identity (either standalone or as part of Microsoft 365 Defender) and you must have the MDI sensor installed on your Active Directory domain controller.
upvoted 10 times
...
talosDevbot
Most Recent 7 months, 3 weeks ago
Correct answer. "To sync user entities from on-premises Active Directory, your Azure tenant must be onboarded to Microsoft Defender for Identity (either standalone or as part of Microsoft Defender XDR) and you must have the MDI sensor installed on your Active Directory domain controller"
upvoted 2 times
...
g_man_rap
9 months, 1 week ago
Microsoft Defender for Identity sensors: These sensors are deployed on AD DS domain controllers to monitor and collect security-related events and activities directly from Active Directory. Defender for Identity (formerly Azure ATP) plays a crucial role in detecting identity-based threats, which is essential for UEBA to analyze user and entity behavior in your organization.
The Security Events data source: This data source must be configured in Microsoft Sentinel to collect relevant security event logs from your domain controllers. Security events such as logons, account lockouts, and other authentication-related events are crucial for UEBA to analyze and detect abnormal behaviors.
upvoted 1 times
...
Murtuza
1 year, 4 months ago
What data does Defender for Identity collect? Information collected includes: Security logs, such as Windows security events.
upvoted 2 times
...
Murtuza
1 year, 5 months ago
Configure some data sources to populate Sentinel with data like SECURITY LOGON EVENTS, so this statement implies data source for domain controllers. Azure AD audit and sign-in logs, and Azure activity logs. This statement implies data sources in Azure.
upvoted 2 times
...
chepeerick
1 year, 6 months ago
Correct option
upvoted 3 times
...