Your company has a Microsoft 365 subscription and uses Microsoft Defender for Identity.
You are informed about incidents that relate to compromised identities.
You need to recommend a solution to expose several accounts for attackers to exploit. When the attackers attempt to exploit the accounts, an alert must be triggered.
Which Defender for Identity feature should you include in the recommendation?
To expose several accounts for attackers to exploit and trigger an alert upon exploitation, the recommended feature is honeytoken entity tags. Honeytoken entities act as traps for malicious actors; any authentication attempt associated with these honeytoken entities triggers an alert, making them the ideal solution for this scenario.
https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide#honeytoken-activity
Ans is correct as The Sensitive tag is used to identify high value assets.(user / devices / groups)Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert. and Defender for Identity considers Exchange servers as high-value assets and automatically tags them as Sensitive
was on exam 15/06/23
honeytoken key
Selected answer: D, In exam Nov 23,
Was on exam 5/25/2023
D is the answer. https://learn.microsoft.com/en-us/defender-for-identity/entity-tags#honeytoken-tags Honeytoken entities are used as traps for malicious actors. Any authentication associated with these honeytoken entities triggers an alert.
Gotten this in May 2023 exam.
D. honeytoken entity tags
Pretty similarly worded question in exam on 16072024, passed with 895
In MDI you can set three types of Defender for Identity entity tags: Sensitive tags, Honeytoken tags, and Exchange server tags. For this question, D is correct: Honeytoken tags