Which three events can you identify by using ATA?

Your network contains an Active Directory domain.
Microsoft Advanced Threat Analytics (ATA) is deployed to the domain.
A database administrator named DBA1 suspects that her user account was compromised.
Which three events can you identify by using ATA? Each correct answer presents a complete solution.

Your network contains an Active Directory domain.
Microsoft Advanced Threat Analytics (ATA) is deployed to the domain.
A database administrator named DBA1 suspects that her user account was compromised.
Which three events can you identify by using ATA? Each correct answer presents a complete solution.

A.
Spam messages received by DBA1.

B.
Phishing attempts that targeted DBA1

C.
The last time DBA1 experienced a failed logon attempt

D.
Domain computers into which DBA1 recently signed.

E.
Servers that DBA1 recently accessed.

Explanation:
https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-threats
Suspicious authentication failures (Behavioral brute force)
Attackers attempt to use brute force on credentials to compromise accounts.
ATA raises an alert when abnormal failed authentication behavior is detected.
Abnormal behavior
Lateral movement is a technique often used by attackers, to move between devices and areas in the victim’s
network to gain access to privileged credentials or
sensitive information of interest to the attacker. ATA is able to detect lateral movement by analyzing the
behavior of users, devices and their relationship inside the
corporate network, and detect on any abnormal access patterns which may indicate a lateral movement
performed by an attacker.
https://gallery.technet.microsoft.com/ATA-Playbook-ef0a8e38/view/Reviews
ATA Suspicious Activity Playbook Page 35 Action: Attempt to authenticate to DC1



Leave a Reply 0

Your email address will not be published. Required fields are marked *