After a month-month and a half of studying, I’d say I have at least a 50% chance of passing the exam. This is the first exam I’ve taken that has cover so much material. And most of it being new to me as of a month ago. Also fairly annoyed with the amount of bad info out there. Take this question for example:
Your network contains an on-premises Active Directory domain.
Your company has a security policy that prevents additional software from being installed on domain controllers.
You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP).
What should you do? More than once choice may achieve the goal. Select the BEST answer.
A. Deploy an Azure ATP standalone sensor, and then configure port mirroring.
B. Deploy an Azure ATP standalone sensor, and then configure detections.
C. Deploy an Azure ATP sensor, and then configure detections.
D. Deploy an Azure ATP sensor, and then configure port mirroring.
IT exams has the correct answer as C, which isn’t right because the question clearly says that your company has a policy that prevents software from being install on domain controllers. Another site had D, which is only half right. The correct answer is A, because can’t install software on the domain controller, and if it’s not on the domain controller, you need to use a stand alone sensor, in which case you need to have port mirroring enabled on the domain controller to send network traffic to the stand alone sensor.
So, I’m ether going to pass because I can tell when I’m being feed BS on practice tests, or I’m going to fail because I didn’t notice the right BS.
Out of the 5 people in the class only one has taken it so far, and he passed. I’ll update when I know.