Your network contains an on-premises Active Directory domain.
Your company has a security policy that prevents additional software from being installed on domain controllers.
You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP).
What should you do? More than once choice may achieve the goal. Select the BEST answer.
A . Deploy an Azure ATP standalone sensor, and then configure port mirroring.
B . Deploy an Azure ATP standalone sensor, and then configure detections.
C . Deploy an Azure ATP sensor, and then configure detections.
D . Deploy an Azure ATP sensor, and then configure port mirroring.
Answer: C
Explanation:
If you’re installing on a domain controller, you don’t need a standalone ATP sensor. You need to configure the detections to detect application installations. With an ATP sensor (non-standalone), you don’t need to configure port mirroring.
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step5
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-capacity-planning#choosing-the-right-sensor-type-for-your-deployment