Exam 70-744 topic 1 question 140 discussion

Actual exam question from Microsoft's 70-744
Question #: 140
Topic #: 1

HOTSPOT -
Your network contains an Active Directory domain named contoso.com. The domain contains multiple servers that run multiple applications. Domain user accounts are used to authenticate access requests to the servers.
You plan to prevent NTLM from being used to authenticate to the servers.
You start to audit NTLM authentication events for the domain. You need to view all of the NTLM authentication events and to identify which applications authenticate by using NTLM.
On which computers should you review the event logs and which logs should you review? To answer, select the appropriate options in the answer area.
Hot Area:

Suggested Answer:
References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain
https://www.itprotoday.com/windows-78/access-denied-identifying-logon-attempts-use-disabled-accounts

Comments

DES123
Highly Voted 4 years, 9 months ago
NTLM\Operational
upvoted 6 times
simcauley
4 years, 9 months ago
Correct
upvoted 2 times
Kamikazekiller
Highly Voted 4 years, 9 months ago
Only Domain Controllers Application and services logs\Microsoft\Windows\NTLM\Operational
upvoted 6 times
rodobew
Most Recent 4 years, 4 months ago
Correct Answer is:
Only Domain Controllers
Applications and Services Log\Microsoft\Windows\NTLM\Operational
Explanation: All authentication happens at the Domain Controller. You need to audit all of your Domain Controllers to get these events. The computers log authentication requests, but the actual authentication success/failure events are logged at the DC, along with information on who/what made the request.
upvoted 2 times
SamsOtro
4 years, 5 months ago
Agree - Only Domain Controllers Application and services logs\Microsoft\Windows\NTLM\Operational
upvoted 3 times
songogo
4 years, 5 months ago
Computers on which to review the event logs: Only client computers
Event logs to review: Applications and Services Logs\Microsoft\Windows\NTLM\Operational
Do not confuse this with event ID 4776 recorded on the domain controller's security event log!!! This question asks for implementing NTLM auditing when domain clients are connecting to member servers! See below for further information.
https://docs.microsoft.com/en-us/windows/device-security/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain
Via lab testing, most of the NTLM audit logs are created on Windows 10 clients, except that you use Windows Server 2016 OS as clients (but this is unusual)
upvoted 3 times
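
The comments above disagree on which computers record the NTLM\Operational events. The following PowerShell script is an added example, not part of the exam material or of any comment: it counts the events in that log per computer and event ID, then prints the fields of the newest events so the calling applications can be identified. The computer names are placeholders, and it assumes NTLM auditing is already enabled and that the account running it can read event logs remotely.

```powershell
# Added example (not from the page). Computer names are placeholders.
$Computers = @('DC01.contoso.com', 'SRV01.contoso.com', 'CLIENT01.contoso.com')
# Event Viewer path: Applications and Services Logs\Microsoft\Windows\NTLM\Operational
$LogName   = 'Microsoft-Windows-NTLM/Operational'
$Since     = (Get-Date).AddDays(-7)

function Convert-EventDataToHashtable {
    # Flatten <EventData><Data Name="x">value</Data></EventData> into a hashtable.
    param([Parameter(Mandatory)]
          [System.Diagnostics.Eventing.Reader.EventRecord] $Record)
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $fields[$d.Name] = $d.'#text' }
    }
    $fields
}

$results = foreach ($computer in $Computers) {
    try {
        Get-WinEvent -ComputerName $computer -ErrorAction Stop -FilterHashtable @{
            LogName = $LogName; StartTime = $Since
        } | ForEach-Object {
            $f = Convert-EventDataToHashtable -Record $_
            [pscustomobject]@{
                Computer = $computer
                EventId  = $_.Id
                Time     = $_.TimeCreated
                # Keep every named field: which ones exist depends on the event ID.
                Fields   = ($f.GetEnumerator() | Sort-Object Key |
                            ForEach-Object { "$($_.Key)=$($_.Value)" }) -join '; '
            }
        }
    } catch {
        # No matching events, log not enabled, or host unreachable.
        Write-Warning "${computer}: $($_.Exception.Message)"
    }
}

# Where do the events land? Count per computer and event ID.
$results | Group-Object Computer, EventId | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Which applications or callers? Show the fields of the newest events.
$results | Sort-Object Time -Descending | Select-Object -First 20 |
    Format-List Computer, EventId, Time, Fields
```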