You are planning the deployment of Microsoft Sentinel. Which type of Microsoft Sentinel data connector should you use to meet the security requirements?
I think the answer given is correct. B and C are cloud-focused services and this is about on-prem threats. A is about a non-Microsoft tool. I didn't research it further, but given that Defender for Identity does make use of Domain Controller data for its analysis (and protecting DCs is key for protecting user identities), D does make the most sense to me. A rather tentative argumentation for now. Any further insights would be much appreciated!
Threat Intelligence – TAXII data connector
The most widely adopted industry standard for CTI transmission is the STIX data format and TAXII protocol. Organizations that get threat indicators from current STIX/TAXII version 2.x solutions can use the Threat Intelligence – TAXII data connector to import their threat indicators into Microsoft Sentinel. The built-in Microsoft Sentinel TAXII client imports threat intelligence from TAXII 2.x servers.
https://learn.microsoft.com/en-us/defender-for-identity/what-is
Microsoft Defender for Identity is a cloud-based security solution that uses your on-premises Active Directory signals to identify, detect, and investigat
https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources
After you onboard Microsoft Sentinel into your workspace, you can use data connectors to start ingesting your data into Microsoft Sentinel. Microsoft Sentinel comes with many out of the box connectors for Microsoft services, which you can integrate in real time. For example, the Microsoft 365 Defender connector is a service-to-service connector that integrates data from Office 365, Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps.
Answer is D
To meet the security requirement of implementing Microsoft Sentinel as a reporting solution to identify all connections to the domain controllers that use insecure protocols, the appropriate Microsoft Sentinel data connector to use would be D. Microsoft Defender for Identity.
Microsoft Defender for Identity (previously known as Azure Advanced Threat Protection) is a cloud-based security solution that leverages user behavioral analytics and machine learning to identify and detect suspicious activities in on-premises Active Directory environments. It can provide insights into the use of insecure protocols like NTLMv1, SMB1, and unsigned LDAP, which can help to identify and prevent security threats.
Threat Intelligence - TAXII, Azure Active Directory, and Microsoft Defender for Cloud are other types of data connectors available in Microsoft Sentinel, but they are not directly relevant to the security requirement of identifying all connections to the domain controllers that use insecure protocols.
OK, this damn question is hard, so the answer is A, but I may also be missing something.
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/data/sentinel-threat-intelligence
Google this term and see what you get: "microsoft sentinel data connectors for threat protection". There are only 2 connectors for threat protection; that's why I chose A. It's A or D, but I haven't decided which I will answer on the test.