Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity.
You are informed about incidents that relate to compromised identities.
You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered.
Which Defender for Identity feature should you include in the recommendation?
To expose several accounts for attackers to exploit and trigger an alert upon exploitation, the recommended feature is honeytoken entity tags. Honeytoken entities act as traps for malicious actors; any authentication attempt associated with these honeytoken entities triggers an alert, making them the ideal solution for this scenario.
https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide#honeytoken-activity
Ans is correct as The Sensitive tag is used to identify high value assets.(user / devices / groups)Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert. and Defender for Identity considers Exchange servers as high-value assets and automatically tags them as Sensitive
honeytoken key
was on exam 15/06/23
D. honeytoken entity tags
D is the answer. https://learn.microsoft.com/en-us/defender-for-identity/entity-tags#honeytoken-tags Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert.
Gotten this in May 2023 exam.
Was on exam 5/25/2023
Selected answer: D, In exam Nov 23,
In MDI you can set three types of Defender for Identity entity tags: Sensitive tags, Honeytoken tags, and Exchange server tags. For this question, D is correct: Honeytoken tags
Pretty similarly worded question in exam on 16072024, passed with 895