Securing Windows Server 2016 — Question 4

Your network contains an Active Directory domain named contoso.com.
You are deploying Microsoft Advanced Threat Analytics (ATA).
You create a user named User1.
You need to configure the user account of User1 as a Honeytoken account.
Which information must you use to configure the Honeytoken account?

Answer options

• A. The SAM account name of User1
• B. The Globally Unique Identifier (GUID) of User1
• C. the SID of User1
• D. the UPN of User1

Correct answer: C

Explanation

The correct answer is C, the SID of User1, because Honeytoken accounts are typically identified using their Security Identifier (SID) to ensure they can be uniquely tracked in security monitoring. The other options, while relevant to user accounts, do not provide the necessary identification for configuring a Honeytoken account within ATA.