Exam MS-500 topic 2 question 36 discussion

Actual exam question from Microsoft's MS-500
Question #: 36
Topic #: 2

DRAG DROP -
You have an on-premises Hyper-V infrastructure that contains the following:
✑ An Active Directory domain
✑ A domain controller named Server1
✑ A member server named Server2
A security policy specifies that Server1 cannot connect to the Internet. Server2 can connect to the Internet.
You need to implement Azure Advanced Threat Protection (ATP) to monitor the security of the domain.
What should you configure on each server? To answer, drag the appropriate components to the correct servers. Each component may only be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:

Suggested Answer:

Comments

PeterC
Highly Voted 4 years, 3 months ago
Correct is:
Server1 - a port mirroring Source
Server2 - an Azure ATP Standalone sensor & an Event subscription
"For port mirroring, configure port mirroring for each domain controller to be monitored, as the source" https://docs.microsoft.com/en-us/defender-for-identity/configure-port-mirroring
"After you configured port mirroring from the domain controllers to the Defender for Identity standalone sensor, follow the following instructions to configure Windows Event forwarding using Source Initiated configuration." https://docs.microsoft.com/en-us/defender-for-identity/configure-event-forwarding
upvoted 86 times
kiketxu
4 years, 3 months ago
Agree, thank you for sharing dude!
upvoted 4 times
...
hhaywood
4 years, 3 months ago
Agreed
upvoted 3 times
...
TimurKazan
4 years, 2 months ago
I would go with it too. As the DC does not have Internet access, it is logically correct that it should use port mirroring to some standalone sensor.
upvoted 2 times
...
Joshing
3 years, 11 months ago
You shouldn't install standalone sensor on a DC. It most likely wouldn't allow you when it runs the checks on the server. So as everyone said the answer is wrong. Agreed with PeterC
upvoted 1 times
...
...
moutaz1983
Highly Voted 3 years, 10 months ago
Provided answer is wrong. I will go with the following:
Server1 - a port mirroring Source
Server2 - an Azure ATP Standalone sensor & an Event subscription
upvoted 6 times
...
Shadowankh
Most Recent 2 years, 6 months ago
You install an Azure ATP sensor on domain controllers. Azure ATP standalone Sensor is installed on a dedicated server to monitor multiple domain controllers. As the DC has no internet connection, the standalone sensor needs to be installed on Server2. So:
Server1 - a port mirroring Source
Server2 - an Azure ATP Standalone sensor & an Event subscription
upvoted 4 times
...
cluocal
3 years, 3 months ago
Server 1 (DC): Port mirroring SOURCE --> Mirroring network-traffic from DC as source to Server 2 with ATP standalone sensor!
upvoted 2 times
...
mbecile
3 years, 5 months ago
Everyone seems to be overlooking that the Domain Controller is in a Hyper-V environment. The given answer is correct.
"If a virtual domain controller can't be covered by the Defender for Identity sensor, you can have either a virtual or physical Defender for Identity standalone sensor as described in Configure port mirroring." Source: https://docs.microsoft.com/en-us/defender-for-identity/technical-faq#how-do-i-monitor-a-virtual-domain-controller-using-defender-for-identity
Port-Mirroring is supported for Virtual Defender for Standalone Identity Sensors with the Virtual Domain Controller on the same host. Source: https://docs.microsoft.com/en-us/defender-for-identity/configure-port-mirroring
upvoted 3 times
Jhill777
3 years, 4 months ago
The easiest way is to have a virtual Defender for Identity standalone sensor on every host where a virtual domain controller exists. Since they don't mention the host as an option, using server 2 is your only option.
upvoted 1 times
...
EzeQ
2 years, 8 months ago
Sorry, but the source says in the beginning "Most virtual domain controllers can be covered by the Defender for Identity sensor"; the remainder of the document is for the exceptions. The focus should be on the "can't connect to the internet".
upvoted 1 times
...
...
mkoprivnj
3 years, 7 months ago
Server1 - a port mirroring Source Server2 - an Azure ATP Standalone sensor & an Event subscription
upvoted 4 times
...
Rstilekar
3 years, 7 months ago
Azure ATP (now MS Defender for Identity) Sensor vs Standalone Sensor
Azure ATP or MS Defender for Identity Sensor is installed directly on the DC - it monitors the domain controller network traffic for signs of malicious activity, as well as other security risks such as connections made with weak or insecure protocols. ...
The ATP standalone sensor monitors traffic that you direct to it by using port mirroring on your network switches. (Standalone sensor is not directly installed on DCs.)
So the right answers are:
Server1 - a port mirroring Source
Server2 - an Azure ATP (*name change - MS Defender for Identity) Standalone sensor & an Event subscription
upvoted 4 times
...
msjpman
3 years, 8 months ago
https://docs.microsoft.com/ja-jp/defender-for-identity/configure-port-mirroring
upvoted 1 times
...
jdemii
3 years, 9 months ago
https://docs.microsoft.com/en-us/defender-for-identity/technical-faq#deployment
"The easiest way is to have a virtual Defender for Identity standalone sensor on every host where a virtual domain controller exists"
I think the hint for this Q is the Hyper-V host.
upvoted 2 times
...