Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-200 Exam - Topic 4 Question 104 Discussion

You have the following environment:Azure SentinelA Microsoft 365 subscriptionMicrosoft Defender for IdentityAn Azure Active Directory (Azure AD) tenantYou configure Azure Sentinel to collect security logs from all the Active Directory member servers and domain controllers.You deploy Microsoft Defender for Identity by using standalone sensors.You need to ensure that you can detect when sensitive groups are modified in Active Directory.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
A) Configure the Advanced Audit Policy Configuration settings for the domain controllers. and D) Configure Windows Event Forwarding on the domain controllers.
B) Modify the permissions of the Domain Controllers organizational unit (OU).
C) Configure auditing in the Microsoft 365 compliance center.

Microsoft SC-200 Exam - Topic 4 Question 104 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 104
Topic #: 4
[All SC-200 Questions]

You have the following environment:

Azure Sentinel

A Microsoft 365 subscription

Microsoft Defender for Identity

An Azure Active Directory (Azure AD) tenant

You configure Azure Sentinel to collect security logs from all the Active Directory member servers and domain controllers.

You deploy Microsoft Defender for Identity by using standalone sensors.

You need to ensure that you can detect when sensitive groups are modified in Active Directory.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer: A, D

https://docs.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection

https://docs.microsoft.com/en-us/defender-for-identity/configure-event-collection

by Alona at Jan 05, 2026, 05:16 AM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Tasia
1 month ago
I’m not sure about C. D could be more effective for real-time alerts.
upvoted 0 times
...
Herman
1 month ago
A and C make sense. Auditing in Microsoft 365 is key for compliance.
upvoted 0 times
...
Kerrie
1 month ago
I agree, A is definitely needed. But I’m leaning towards D too.
upvoted 0 times
...
Stephen
2 months ago
I think A and C are the best choices. Advanced Audit Policy is crucial.
upvoted 0 times
...
Cherilyn
2 months ago
I agree, A) and C) are the way to go!
upvoted 0 times
...
Kayleigh
2 months ago
Wait, can D) really help with this? Seems unlikely.
upvoted 0 times
...
Brittni
2 months ago
C) sounds like a good option too!
upvoted 0 times
...
Kristofer
2 months ago
I think B) is a bit overkill, not necessary.
upvoted 0 times
...
Mitzie
2 months ago
A) is definitely needed for auditing!
upvoted 0 times
...
Adolph
3 months ago
A and D, easy peasy. Gotta stay on top of that Active Directory security, am I right?
upvoted 0 times
...
Staci
3 months ago
Haha, I bet the person who wrote this question is an Active Directory ninja. A and D are the way to go!
upvoted 0 times
...
Felicitas
3 months ago
A and D for sure. Wouldn't want any unauthorized changes to those sensitive groups, am I right?
upvoted 0 times
...
Chandra
4 months ago
Definitely A and D. Can't let those pesky hackers mess with our Active Directory!
upvoted 0 times
...
Queen
4 months ago
A and D are the way to go. Gotta keep an eye on those sensitive groups!
upvoted 0 times
...
Lili
4 months ago
Windows Event Forwarding sounds familiar, but I can't recall if it's necessary for detecting changes in sensitive groups.
upvoted 0 times
...
Tamekia
4 months ago
I practiced a similar question about auditing in the Microsoft 365 compliance center, but I don't know if that's the right choice here.
upvoted 0 times
...
Kina
4 months ago
I'm not entirely sure, but I feel like modifying permissions of the Domain Controllers OU could help with monitoring sensitive group changes.
upvoted 0 times
...
Stephen
4 months ago
I think we might need to configure the Advanced Audit Policy for the domain controllers. I remember that being important for tracking changes.
upvoted 0 times
...
Laila
5 months ago
I'm not sure where to start. There are a lot of moving parts here with the different Microsoft services. I'll need to review the details of each component to figure out the best approach.
upvoted 0 times
...
Beatriz
5 months ago
I'm pretty confident I can solve this. The question is asking us to perform two actions, and the answer choices give us some good options to consider, like the Advanced Audit Policy Configuration and Windows Event Forwarding.
upvoted 0 times
...
Thurman
5 months ago
Okay, let's think this through step-by-step. We need to detect changes to sensitive groups in Active Directory, so I'm guessing we'll need to configure some kind of auditing or event forwarding.
upvoted 0 times
...
Tamar
5 months ago
Hmm, I'm a bit confused about the different components here. Azure Sentinel, Microsoft Defender for Identity, and Azure AD - how do they all fit together for this question?
upvoted 0 times
...
Jani
5 months ago
I think I know how to approach this one. The key is to focus on the security monitoring and auditing capabilities of the tools we have available.
upvoted 0 times
Carman
25 days ago
I believe we should configure the Advanced Audit Policy.
upvoted 0 times
...
...

Save Cancel