Securing Windows Server 2016 — Question 77

Your network contains an Active Directory forest that contains 20 domain controllers. All the domain controllers run as virtual machines on Hyper-V hosts.
A corporate security policy prohibits the installation of software on the domain controllers.
You deploy Advanced Threat Analytics (ATA) and the ATA Gateway.
You need to collect data from the domain controllers by using ATA.
What should you do?

Answer options

• A. Run winrm /quickconfig on the domain controllers
• B. Configure port mirroring on the virtual switches
• C. Configure the User Rights Assignment security policy settings on the domain controller
• D. Configure Windows Event Forwarding on the Hyper-V hosts

Correct answer: D

Explanation

The correct answer is D because configuring Windows Event Forwarding on the Hyper-V hosts allows the ATA to collect necessary event data without installing software on the domain controllers. Option A is incorrect as winrm is not needed for data collection in this context. Option B is not suitable since port mirroring does not directly facilitate ATA data collection. Option C is irrelevant as User Rights Assignment does not impact ATA's data collection method.