Exam MS-500 topic 1 question 71 discussion

Actual exam question from Microsoft's MS-500
Question #: 71
Topic #: 1

Your network contains an on-premises Active Directory domain. The domain contains a domain controller named DC1.
You have a Microsoft 365 E5 subscription.
You install the Microsoft Defender for Identity sensor on DC1.
You need to configure enhanced threat detection in Defender for Identity. The solution must ensure that the following events are collected from DC1:
  • 4726 - User Account Deleted
  • 4728 - Member Added to Global Security Group
  • 4776 - Domain Controller Attempted to Validate Credentials for an Account (NTLM)
What should you do on DC1?

  • A. Install the Azure Monitor agent.
  • B. Install System Monitor (SYSMON).
  • C. Configure the Windows Event Collector service.
  • D. Configure the Advanced Audit Policy Configuration policy.
Suggested Answer: D
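
To check on DC1 that the Advanced Audit Policy actually covers the three events in the question, the following added example (not part of the original page) parses the CSV report produced by `auditpol /get /category:* /r`. The function name `Test-AuditCoverage` and the sample rows are constructed for illustration, and the script assumes English subcategory names and treats "Success and Failure" as the required setting.

```powershell
# Event IDs from the question, mapped to the Advanced Audit Policy subcategory
# that generates each one (English names, as auditpol prints them).
$Required = [ordered]@{
    '4726' = 'User Account Management'
    '4728' = 'Security Group Management'
    '4776' = 'Credential Validation'
}

function Test-AuditCoverage {
    # Hypothetical helper. Input: lines from `auditpol /get /category:* /r`.
    param([string[]]$AuditpolCsv)

    # The /r report can start with a blank line; drop empty lines before parsing.
    $rows = $AuditpolCsv | Where-Object { $_ } | ConvertFrom-Csv

    foreach ($id in $Required.Keys) {
        $name    = $Required[$id]
        $row     = $rows | Where-Object { $_.Subcategory -eq $name }
        $setting = if ($row) { $row.'Inclusion Setting' } else { 'missing' }

        [pscustomobject]@{
            EventId     = $id
            Subcategory = $name
            Setting     = $setting
            # Assumption: both outcomes must be audited for the event to be
            # collected reliably.
            Sufficient  = ($setting -eq 'Success and Failure')
        }
    }
}

# Constructed sample report (GUID column replaced with placeholders).
$Sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
    'DC1,System,Credential Validation,{placeholder-guid},Success,'
    'DC1,System,User Account Management,{placeholder-guid},Success and Failure,'
    'DC1,System,Security Group Management,{placeholder-guid},No Auditing,'
)

Test-AuditCoverage -AuditpolCsv $Sample | Format-Table -AutoSize

# On the domain controller itself, from an elevated prompt:
# Test-AuditCoverage -AuditpolCsv (auditpol /get /category:* /r)
```

With the sample rows, only User Account Management (4726) is reported as sufficient; Credential Validation (4776) audits success only and Security Group Management (4728) is not audited at all.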

Comments

pete26
Highly Voted 2 years, 10 months ago
Selected Answer: D
D is correct. https://docs.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection
upvoted 7 times
pete26
Highly Voted 2 years, 8 months ago
Valid on exam October 14, 2022
upvoted 7 times
RomanV
Most Recent 2 years, 2 months ago
The correct answer is D: Configure the Advanced Audit Policy Configuration policy. Every system admin should know this.
upvoted 1 times