Your network contains an Active Directory domain named contoso.com.
You are deploying Microsoft Advanced Threat Analytics (ATA) to the domain.
You install the ATA Center on server named Server1 and the ATA Gateway on a server named Served.
You need to ensure that Server2 can collect NTLM authentication events.
What should you configure?

• A.the domain controllers to forward Event ID 4776 to Server2
• B.the domain controllers to forward Event ID 1000 to Server1
• C.Server2 to forward Event ID 1026 to Server1
• D.Server1 to forward Event ID 1000 to Server2

Correct Answer: A

Explanation
https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-architectureATA monitors your domain controller network traffic by utilizing port mirroring to an ATA Gateway using physicalor virtual switches.If you deploy the ATA Lightweight Gateway directly on your domain controllers, it removes the requirement for port mirroring.In addition, ATA can leverage Windows events (forwarded directly from your domain controllers orfrom a SIEM server) and See the GREEN line in the following figure, forward event ID 4776 which indicates NTLM authenticationis being used to ATA Gateway Server2.

Comment: *

Name: *

Email: *

Verification: *

You are implementing Privileged Access Management (PAM) for an Active Directory forest named contoso.com.
You install a bastion forest named adatum.com, and you establish a trust between the forests.
You need to create a group in contoso.com that will be used by Microsoft Identity Manager to create groups in adatum.com.
How should you configure the group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

References: https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment Production forest is contoso.comBastion forest is adatum.com
https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environmentA security group on the local domain (contoso.com)There must be a group in the existing domain, whose name is the NetBIOS domain name followed bythree dollar signs, e.g., CONTOSO$$$.The group scope must be domain local and the group type must be Security.This is needed for groups to be created in the dedicated administrative forest (adatum.com) with the sameSecurity identifier as groups in this domain(contoso.com).
Create this group with the followingNew-ADGroup -name 'CONTOSO$$$' -GroupCategory Security
-GroupScope DomainLocal -SamAccountName 'CONTOSO$$$'After this, MIM could create "Shadow Group" in bastion adatum.com forest.

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain named adatum.com. The domain contains a file server named Server1 that runs Windows Server 2016.
You have an organizational unit (OU) named OU1 that contains Server1.
You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.
A user named User1 is a member of group named Group1. The properties of User1 are shown in the User1 exhibit (Click the Exhibit button.)

User1 has permissions to two files on Server1 configured as shown in the following table.

From Auditing Entry for Global File SACL, you configure the advanced audit policy settings in GPO1 as shown in the SACL exhibit (Click the Exhibit button.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Correct Answer:

Explanation
From File Explorer, when User1 double-clicks File1.doc. an event will be logged: Yes From File Explorer, when User1 double-clicks File2.doc. an event will be logged: No From Microsoft Word, when User1 attempts to save changes to File1.doc, an event will be logged: No From the SACL, only Successful operations by User1 will be logged "Type: Success".

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain named contoso.com. The domain contains four servers.
The servers are configured as shown in the following table.

You need to manage FS1 and FS2 by using Just Enough Administration (JEA).
What should you do before you can implement JEA?

• A.Install Microsoft .NET Framework 4.6.2 on FS1
• B.Upgrade DC1 to Windows Server 2016
• C.Install Windows Management Framework 5.0 on FS2.
• D.Deploy Microsoft Identity Manager (MIM) 2016 to the domain.

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain named contoso.com. The domain functional level is Windows Server 2016. The domain contains a member server named Server1.
You test Code Integrity on Server1 in audit mode.
You need to enforce the Code Integrity levels on all the Windows Server 2016 servers in the domain.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Correct Answer:

Explanation:
References:
https://blogs.technet.microsoft.com/datacentersecurity/2018/03/10/default-code-integrity-policy-for-windows-server/

Comment: *

Name: *

Email: *

Verification: *