Microsoft
AZ-801 · Question #2
AZ-801 Question #2: Real Exam Question with Answer & Explanation
The correct answer is D: Microsoft Defender for Identity. To collect security events and alerts related to identity threats for Microsoft Sentinel, the Microsoft Defender for Identity data connector should be used.
Secure Windows Server on-premises and hybrid infrastructures
Question
You are planning the deployment of Microsoft Sentinel. Which type of Microsoft Sentinel data connector should you use to meet the security requirements?
Options
- A. Threat Intelligence - TAXII
- B. Azure Active Directory
- C. Microsoft Defender for Cloud
- D. Microsoft Defender for Identity
Explanation
To collect security events and alerts related to identity threats for Microsoft Sentinel, the Microsoft Defender for Identity data connector should be used.
Common mistakes.
- A. Threat Intelligence - TAXII is used to import threat intelligence feeds into Sentinel, which is different from collecting security data from an identity protection service.
- B. The Azure Active Directory data connector ingests audit logs, sign-in logs, and provisioning logs from Azure AD, which focuses on cloud identity, not specifically the advanced on-premises identity threat detection provided by Defender for Identity.
- C. The Microsoft Defender for Cloud data connector ingests security alerts and recommendations from Defender for Cloud, which focuses on cloud resource security and workload protection, not specifically advanced on-premises identity threat detection.
Concept tested. Microsoft Sentinel data connectors for identity protection
Topics
#Microsoft Sentinel #Data Connectors #Identity Security #Microsoft Defender for Identity