Microsoft Certified: Azure Fundamentals (AZ-900) Practice Exam


Prepare for the Microsoft Certified: Azure Fundamentals (AZ-900) Practice Exam with our comprehensive quiz. Study with flashcards, multiple choice questions, and detailed explanations to ace your exam!



Which Azure security solution should be used to investigate suspicious user activities?

  1. Azure Security Center

  2. Key Vault

  3. Azure Information Protection (AIP)

  4. Azure Advanced Threat Protection (ATP)

The correct answer is: Azure Advanced Threat Protection (ATP)

Azure Advanced Threat Protection (ATP), now known as Microsoft Defender for Identity, is specifically designed to help organizations detect and investigate suspicious user activities within their network. It utilizes behavioral analytics and machine learning to identify anomalies that may signify a security threat or unauthorized access. By analyzing user behaviors and account activities, ATP can flag potential risks, such as unusual sign-in locations, failed login attempts, or atypical resource access patterns. This solution provides detailed insights and alerts for security administrators, enabling them to respond swiftly to potential threats. It complements existing security measures by giving visibility into user activities and helping to investigate security incidents effectively.

In contrast, other options focus on different aspects of security. Azure Security Center provides a broader security management platform that helps in assessing security postures, Key Vault is primarily concerned with managing secrets, keys, and certificates, while Azure Information Protection (AIP) is focused on classifying and protecting data. These tools serve important roles in an overall security strategy but do not specifically address the investigation of suspicious user activities as directly as Azure Advanced Threat Protection does.