Exam 70-744 topic 1 question 65 discussion

Actual exam question from Microsoft's 70-744

Question #: 65
Topic #: 1

HOTSPOT -
Your network contains an Active Directory domain named contoso.com.
You are deploying Microsoft Advanced Threat Analytics (ATA) to the domain. You install the ATA Gateway on a server named Server1.
To assist in detecting Pass-the-Hash attacks, you plan to configure ATA Gateway to collect events.
You need to configure the query filter for event subscriptions on Server1.
How should you configure the query filter? To answer, select the appropriate options in the answer are.
Hot Area:

Show Suggested Answer

Suggested Answer:

References:
https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection

by Kamikazekiller at Aug. 8, 2020, 8:55 p.m.

Comments

Submit Cancel

Timock

4 years, 3 months ago

In previous versions of ATA, the only event required was event ID 4776. In ATA v1.8, ATA requires the following event IDs 4732, 4733, 4728, 4729, 4756, 4757 in addition to 4776. And of course these are security logs Click Select Events. Click By log and select Security. In the Includes/Excludes Event ID field type the event number and click OK. For example, type 4776, like in the following sample. Answer: Security & 4776

upvoted 1 times

...

SamsOtro

4 years, 5 months ago

Security log and event 4776 are correct.

upvoted 3 times

...

Kamikazekiller

4 years, 9 months ago

Correct

upvoted 4 times

...

Exam 70-744 All Questions

View all questions & answers for the 70-744 exam

Exam 70-744 topic 1 question 65 discussion

Comments

Timock

SamsOtro

Kamikazekiller

SY0-701