Securing Windows Server 2016 — Question 121

Your network contains an Active Directory domain.
Microsoft Advanced Threat Analytics (ATA) is deployed to the domain.
A database administrator named DBA1 suspects that her user account was compromised.
Which three events can you identify by using ATA? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

Answer options

• A. Domain computers into which DBA1 recently signed.
• B. Phishing attempts that targeted DBA1.
• C. The last time DBA1 experienced a failed logon attempt.
• D. Spam messages received by DBA1.
• E. Servers that DBA1 recently accessed.

Correct answer: A, C, E

Explanation

The correct answers are A, C, and E because ATA is designed to track user activities, including logins to domain computers and servers accessed, as well as failed logon attempts. Options B and D are incorrect because ATA does not focus on identifying phishing attempts or spam messages, which are outside its primary monitoring capabilities.