You enable controlled folder access in audit mode for several computers that run Windows 10. You need to review the events audited by controlled folder access. Which Event Viewer log should you view?
A.
Applications and Services\Microsoft\Windows\Windows Defender\Operational
B.
Windows\Security
C.
Applications and Services\Microsoft\Windows\Known Folders\Operational
April 2022. Still on Windows Event Viewer under Microsoft/Windows/Windows Defender/Operational
Source:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access?view=o365-worldwide#review-controlled-folder-access-events-in-windows-event-viewer
Endpoint Account protection (Preview) policies help protect user credential by using technology such as Windows Hello for Business and Credential Guard. It has nothing to do with Event Viewer.
Controlled folder access events appear in Windows Event Viewer: Microsoft/Windows/Windows Defender/Operational folder.
Event ID Description
5007 Event when settings are changed
1124 Audited controlled folder access event
1123 Blocked controlled folder access event
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/evaluate-controlled-folder-access?view=o365-worldwide
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.MD-101 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
SethuRam
Highly Voted 3 years, 7 months agoRodrigoT
3 years agoletters1234
Most Recent 3 years, 2 months ago