Answer needs confirmation
Question

You are planning the deployment of Microsoft Sentinel.
Which type of Microsoft Sentinel data connector should you use to meet the security requirements?

Proposed answer
  • A. Threat Intelligence - TAXII
  • B. Azure Active Directory
  • C. Microsoft Defender for Cloud
  • D. Microsoft Defender for Identity
Suggested answer

D. Microsoft Defender for Identity

Comments
GoforIT21

Highly Voted 1 year, 4 months ago 

Selected Answer: D

I think the answer given is correct. B and C are cloud-focused services and this is about on-prem threats. A is about a non-Microsoft tool. I didn't research it further, but given that Defender for Identity does make use of Domain Controller data for its analysis (and protecting DCs is key for protecting user identities), D does make the most sense to me. A rather tentative argument for now. Any further insights would be much appreciated!

upvoted 8 times 

rimvydukas

1 year, 1 month ago 

Threat Intelligence – TAXII data connector: The most widely adopted industry standard for CTI transmission is the STIX data format and TAXII protocol. Organizations that get threat indicators from current STIX/TAXII version 2.x solutions can use the Threat Intelligence – TAXII data connector to import their threat indicators into Microsoft Sentinel. The built-in Microsoft Sentinel TAXII client imports threat intelligence from TAXII 2.x servers.

upvoted 3 times 

Leocan

1 year, 1 month ago 

The answer is D. https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration

upvoted 2 times 

BlackCat9588

Most Recent 2 days, 13 hours ago 

Selected Answer: D

D. Microsoft Defender for Identity

upvoted 1 times 

Said_kram

3 months, 1 week ago 

The answer is D, MDI. You should create a custom detection rule on the MDI side.

upvoted 1 times 

terawatt

6 months ago 

I think Defender for Identity is now part of Cloud Defender, so on the exam it should be that - hopefully properly updated in the live exam :D

upvoted 1 times 

oro_blu

7 months, 2 weeks ago 

Selected Answer: D

https://learn.microsoft.com/en-us/defender-for-identity/what-is Microsoft Defender for Identity is a cloud-based security solution that uses your on-premises Active Directory signals to identify, detect, and investigat

upvoted 1 times 

syu31svc

9 months, 2 weeks ago 

Selected Answer: D

https://learn.microsoft.com/en-us/azure/sentinel/connect-data-sources After you onboard Microsoft Sentinel into your workspace, you can use data connectors to start ingesting your data into Microsoft Sentinel. Microsoft Sentinel comes with many out of the box connectors for Microsoft services, which you can integrate in real time. For example, the Microsoft 365 Defender connector is a service-to-service connector that integrates data from Office 365, Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps. Answer is D

upvoted 3 times 

SuradjBajaj

11 months, 1 week ago 

Selected Answer: D

To meet the security requirement of implementing Microsoft Sentinel as a reporting solution to identify all connections to the domain controllers that use insecure protocols, the appropriate Microsoft Sentinel data connector to use would be D. Microsoft Defender for Identity. Microsoft Defender for Identity (previously known as Azure Advanced Threat Protection) is a cloud-based security solution that leverages user behavioral analytics and machine learning to identify and detect suspicious activities in on-premises Active Directory environments. It can provide insights into the use of insecure protocols like NTLMv1, SMB1, and unsigned LDAP, which can help to identify and prevent security threats. Threat Intelligence - TAXII, Azure Active Directory, and Microsoft Defender for Cloud are other types of data connectors available in Microsoft Sentinel, but they are not directly relevant to the security requirement of identifying all connections to the domain controllers that use insecure protocols.

upvoted 3 times 

nefaxto

11 months, 1 week ago 

Selected Answer: D

I think it is correct: https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/microsoft-defender-for-identity

upvoted 2 times 

joehoesofat

1 year, 2 months ago 

Selected Answer: A

OK, this damn question is hard, so the answer is A, but I may also be missing something: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/data/sentinel-threat-intelligence Google this term and see what you get: "microsoft sentinel data connectors for threat protection". There are only 2 connectors for threat protection, that's why I chose A. It's A or D, but I haven't decided which I will answer on the test.

upvoted 3 times