Exam 70-744 topic 2 question 9 discussion

Actual exam question from Microsoft's 70-744
Question #: 9
Topic #: 2

Your network contains an Active Directory forest that contains 20 domain controllers. All the domain controllers run as virtual machines on Hyper-V hosts.
A corporate security policy prohibits the installation of software on the domain controllers.
You deploy Advanced Threat Analytics (ATA) and the ATA Gateway.
You need to collect data from the domain controllers by using ATA.
What should you do?

  • A. Run winrm /quickconfig on the domain controllers
  • B. Configure port mirroring on the virtual switches
  • C. Configure the User Rights Assignment security policy settings on the domain controller
  • D. Configure Windows Event Forwarding on the Hyper-V hosts
Suggested Answer: D
To enhance detection capabilities, ATA needs the following Windows events: 4776, 4732, 4733, 4728, 4729, 4756, 4757, 7045. These can either be read automatically by the ATA Lightweight Gateway or be forwarded to the ATA Gateway by configuring Windows Event Forwarding.
References:
https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection
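A check for the event forwarding described in the explanation above, added here as an example and not taken from the question or from Microsoft's documentation: run on the server that collects the forwarded events, it reports which of the listed event IDs have arrived from each domain controller. It assumes the subscription writes to the default ForwardedEvents log; the domain controller names and the 7-day window are constructed placeholders.

```powershell
# Added example: run on the WEF collector (the ATA Gateway server).
# Assumption: the subscription's destination is the default ForwardedEvents log.
# $ExpectedDCs holds constructed placeholder names; replace them with your own DCs.
$RequiredIds = 4776, 4732, 4733, 4728, 4729, 4756, 4757, 7045
$ExpectedDCs = 'dc01.example.test', 'dc02.example.test'
$Since       = (Get-Date).AddDays(-7)

# Get-WinEvent raises an error when nothing matches, so suppress it and
# treat "no events" as an empty array.
$filter = @{ LogName = 'ForwardedEvents'; Id = $RequiredIds; StartTime = $Since }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Index the event IDs seen per forwarding computer (case-insensitive by name).
$seen = @{}
foreach ($e in $events) {
    $name = $e.MachineName.ToLowerInvariant()
    if (-not $seen.ContainsKey($name)) {
        $seen[$name] = New-Object 'System.Collections.Generic.HashSet[int]'
    }
    [void]$seen[$name].Add($e.Id)
}

# One row per expected DC: forwarding status and which required IDs were not seen.
$report = foreach ($dc in $ExpectedDCs) {
    $key = $dc.ToLowerInvariant()
    if (-not $seen.ContainsKey($key)) {
        [pscustomobject]@{
            DC         = $dc
            Status     = 'No forwarded events'
            SeenIds    = ''
            NotSeenIds = $RequiredIds -join ','
        }
        continue
    }
    $notSeen = @($RequiredIds | Where-Object { -not $seen[$key].Contains($_) })
    [pscustomobject]@{
        DC         = $dc
        Status     = 'Forwarding'
        SeenIds    = ($seen[$key] | Sort-Object) -join ','
        NotSeenIds = $notSeen -join ','
    }
}
$report | Format-Table -AutoSize
```

An ID listed under NotSeenIds may simply not have occurred on that domain controller during the window; a row with "No forwarded events" is the case to investigate first.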

Comments

palermo
4 years, 5 months ago
Why not A? Run the following command on each domain controller: winrm quickconfig https://docs.microsoft.com/pl-pl/advanced-threat-analytics/configure-event-collection
upvoted 1 times
Rasto02
4 years, 5 months ago
I think 'winrm config' itself does not configure WEF (a couple of other steps to complete).
upvoted 1 times
...
...
SamsOtro
4 years, 6 months ago
B is correct - need to enable Microsoft NDIS capture on virtual switch. https://above2661.rssing.com/chan-53707315/all_p1.html
upvoted 2 times
...
expert_ms
4 years, 7 months ago
I also think Port Mirroring
upvoted 3 times
...
KidCastaldo
4 years, 8 months ago
You'd have to forward events from the DCs not the HyperV hosts. Answer is B, port mirroring to capture network traffic to/from DCs
upvoted 4 times
...
hkshado
4 years, 10 months ago
For ATA gateway, either use port mirroring or Windows event forwarding to collect data
upvoted 2 times
...
Junky
4 years, 10 months ago
Should be B for ATA
upvoted 3 times
...
DES123
4 years, 11 months ago
What is the use of that on hosts? I guess A is correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other