ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 2 question 72 discussion

Actual exam question from Microsoft's MS-500
Question #: 72
Topic #: 2
[All MS-500 Questions]

Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.

The security logs of the servers are collected by using a third-party SIEM solution.

You purchase a Microsoft 365 subscription and plan to deploy Microsoft Defender for Identity by using standalone sensors.

You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.

What should you do?

  • A. Configure Event Forwarding on the domain controllers.
  • B. Configure Microsoft Defender for Identity notifications.
  • C. Configure auditing in the Microsoft 365 Defender portal.
  • D. Enable the Audit account management Group Policy setting for the servers.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by 67bdb19 at Aug. 4, 2025, 8:54 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
67bdb19
2 weeks ago
Selected Answer: A
I'd bet my certification on A. It's the only logical solution presented.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel