Microsoft Cybersecurity Architect — Question 71
Your on-premises network contains an Active Directory Domain Services (AD DS) domain. The domain contains 500 Windows 11 devices.
You have a Microsoft 365 subscription and an Azure subscription.
You have a Microsoft Entra tenant that syncs with the domain and is linked to the subscriptions. The devices are Microsoft Entra hybrid joined.
You plan to deploy a solution to mitigate attacks against privileged accounts. The solution will include Microsoft Sentinel rules that will detect attempts to use fake cached credentials.
You need to recommend a solution to create the fake cached credentials on client computers.
What should you recommend?
Answer options
- A. User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel
- B. a deception rule in Microsoft Defender for Endpoint
- C. a user risk policy in Microsoft Entra ID Protection
- D. a Honeytoken tag in Microsoft Defender for Identity
Correct answer: D
Explanation
The correct answer is D: a Honeytoken tag in Microsoft Defender for Identity can create fake cached credentials that can be used to detect unauthorized access attempts. Options A and C do not focus on creating fake credentials, and option B relates to endpoint protection rather than credential deception, so none of the three is suitable for this specific requirement.