Exam MS-500 topic 2 question 32 discussion

Actual exam question from Microsoft's MS-500
Question #: 32
Topic #: 2

Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled.
The security logs of the servers are collected by using a third-party SIEM solution.
You purchase a Microsoft 365 subscription and plan to deploy Microsoft Defender for Identity by using standalone sensors.
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
What should you do?

  • A. Turn off Delayed updates for the Microsoft Defender for Identity sensors.
  • B. Configure auditing in the Microsoft 365 Compliance center.
  • C. Turn on Delayed updates for the Microsoft Defender for Identity sensors.
  • D. Integrate SIEM and Microsoft Defender for Identity.
Suggested Answer: D
Note:
There are several versions of this question in the exam. The questions in the exam have two different correct answers:
✑ Integrate SIEM and Microsoft Defender for Identity
✑ Configure Event Forwarding on the domain controllers

Other incorrect answer options you may see on the exam include the following:
✑ Configure Microsoft Defender for Identity notifications
✑ Modify the Domain synchronizer candidate settings on the Microsoft Defender for Identity sensors
✑ Enable the Audit account management Group Policy setting for the servers
✑ Configure auditing in the Microsoft 365 Defender portal
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-event-forwarding

Comments

Bob27745
Highly Voted 2 years, 9 months ago
Valid on exam 9/21/2022
upvoted 5 times
Maxx4
Most Recent 2 years ago
Selected Answer: D
The answer is D, Integrate SIEM and Microsoft Defender for Identity. Microsoft Defender for Identity can be integrated with a third-party SIEM solution to collect and analyze security logs from your on-premises Active Directory domain. This integration allows you to detect when sensitive groups are modified and when malicious services are created. To integrate SIEM and Microsoft Defender for Identity, you will need to:
  • Configure the SIEM solution to collect security logs from your on-premises Active Directory domain.
  • Configure Microsoft Defender for Identity to export security logs to the SIEM solution.
  • Configure the SIEM solution to analyze the security logs from Microsoft Defender for Identity.
Once the integration is configured, you will be able to view and investigate security events in Microsoft Defender for Identity from the SIEM solution. This will allow you to get a unified view of security events across your on-premises and cloud environments.
upvoted 1 times