Examice

Exam SC-200 All QuestionsBrowse all questions from this exam

Go to Exam

Question 278

Your on-premises network contains an Active Directory Domain Services (AD DS) forest.

You have a Microsoft Entra tenant that uses Microsoft Defender for Identity. The AD DS forest syncs with the tenant.

You need to create a hunting query that will identify LDAP simple binds to the AD DS domain controllers.

Which table should you query?

AADServicePrincipalRiskEvents

AADDomainServicesAccountLogon

SigninLogs

IdentityLogonEvents

Correct Answer: B

Discussion

DChildsOption: D

Here is a sample query from Microsoft Learn documentation: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/queries/identitylogonevents

rsanx42

Agreed.

pk69Option: D

IdentityLogonEvents

laddu001Option: B

, the correct table to query for identifying LDAP simple binds to the AD DS domain controllers is AADDomainServicesAccountLogon.\

Hawklx

No, this is for Entra ID Domain Services

e072f83Option: D

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/enhancing-microsoft-defender-for-identity-data-using-microsoft/ba-p/2178286