What should you do?

Posted by: Pdfprep Category: 70-744

Your network contains an Active Directory forest that contains 20 domain controllers. All the domain controllers run as virtual machines on Hyper-V hosts.

A corporate security policy prohibits the installation of software on the domain controllers.

You deploy Advanced Threat Analytics (ATA) and the ATA Gateway.

You need to collect data from the domain controllers by using ATA.

What should you do?

A. Run winrm /quickconfig on the domain controllers

B. Configure port mirroring on the virtual switches

C. Configure the User Rights Assignment security policy settings on the domain controller

D. Configure Windows Event Forwarding on the Hyper-V hosts

Answer: D

Explanation:

To enhance detection capabilities, ATA needs the following Windows events: 4776, 4732, 4733, 4728, 4729, 4756, 4757, 7045. These events can either be read automatically by the ATA Lightweight Gateway or be forwarded to the ATA Gateway by configuring Windows Event Forwarding.

References:

https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection
