Exam MS-500 topic 2 question 39 discussion

Actual exam question from Microsoft's MS-500
Question #: 39
Topic #: 2

Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Microsoft Defender for Identity by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?

  • A. Configure Event Forwarding on the domain controllers.
  • B. Configure auditing in the Office 365 Security & Compliance center.
  • C. Turn on Delayed updates for the Microsoft Defender for Identity sensors.
  • D. Enable the Audit account management Group Policy setting for the servers.
Suggested Answer: A
Note:
There are several versions of this question in the exam. The questions in the exam have two different correct answers:
✑ Integrate SIEM and Microsoft Defender for Identity
✑ Configure Event Forwarding on the domain controllers
Other incorrect answer options you may see on the exam include the following:
✑ Configure Microsoft Defender for Identity notifications
✑ Modify the Domain synchronizer candidate settings on the Microsoft Defender for Identity sensors
✑ Configure auditing in the Microsoft 365 Defender portal
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-event-forwarding

Comments

Maxx4
1 year, 12 months ago
Selected Answer: D
The answer is D, From the Microsoft 365 compliance center, add and configure a data connector. To manage incidents based on alerts generated by Microsoft Cloud App Security, you need to first configure a data connector in the Microsoft 365 compliance center. This will allow Microsoft Cloud App Security to send its data to Azure Sentinel. Once the data connector is configured, you can create rules in Azure Sentinel to create incidents based on the alerts from Microsoft Cloud App Security. The other options are not necessary to manage incidents based on alerts generated by Microsoft Cloud App Security. Option A, configuring security extensions in the Cloud App Security portal, is used to extend the capabilities of Cloud App Security. It is not necessary to manage incidents. Option B, configuring app connectors in the Cloud App Security portal, is used to connect Cloud App Security to cloud applications. It is not necessary to manage incidents. Option C, configuring log collectors in the Cloud App Security portal, is used to collect logs from cloud applications. It is not necessary to manage incidents.
upvoted 1 times
Maxx4
1 year, 12 months ago
Sorry guys, this answer was for the previous question, related to "You need to manage incidents based on alerts generated by Microsoft Cloud App Security. What should you do first?". Please ignore the answer for this question. If the mod can delete this, that would be great. Thanks
upvoted 1 times
pete26
2 years, 8 months ago
Selected Answer: A
A is correct!
upvoted 2 times
Bob27745
2 years, 9 months ago
Valid on exam 9/21/2022
upvoted 3 times
heshmat2022
2 years, 9 months ago
To enhance detection capabilities, Defender for Identity needs the Windows events listed in Configure event collection. These can either be read automatically by the Defender for Identity sensor or in case the Defender for Identity sensor is not deployed, it can be forwarded to the Defender for Identity standalone sensor in one of two ways, by configuring the Defender for Identity standalone sensor to listen for SIEM events or by configuring Windows Event Forwarding.
upvoted 1 times