Within which Identity Protection menu would an administrator enable Authentication Traffic Inspection (ATI) for a domain?
Authentication Traffic Inspection (ATI) is enabled through Identity Configuration Policies, which define how the Falcon sensor captures and inspects identity-related network traffic. According to the CCIS documentation, ATI configuration is performed under Configure > Identity Configuration Policies.
These policies allow administrators to specify which authentication protocols are inspected, which domain controllers are covered, and how identity telemetry is collected. This configuration step is mandatory to enable identity visibility and detection capabilities.
The Enforce menu is used for policy rules and automated actions, not traffic inspection. General settings do not control sensor inspection behavior. Because ATI directly affects sensor data capture, it is managed exclusively through Identity Configuration Policies.
Therefore, Option D is the correct and verified answer.
Currently there are no comments in this discussion, be the first to comment!