Microsoft Exam SC-100 Topic 3 Question 51 Discussion

Actual exam question for Microsoft's SC-100 exam

Question #: 51
Topic #: 3

You have a Microsoft 365 tenant that contains 5,000 users and 5,000 Windows 11 devices. All users are assigned Microsoft 365 5 licenses and the Microsoft Defender Vulnerability Management add-on. The Windows 11 devices are managed by using Microsoft Intune and Microsoft Defender for Endpoint. The Windows 11 devices are configured during deployment to comply with Center for Internet Security (CIS) benchmarks for Windows 11.

You need to recommend a compliance solution for the Windows 11 devices. The solution must identify devices that were modified and no longer comply with the CIS benchmarks.

What should you include in the recommendation?

AAuthenticated scan for Windows in Microsoft Defender Vulnerability Management

BMicrosoft Secure Score for Devices in Defender for Endpoint

Cattack surface reduction (ASR) rules in Defender for Endpoint

Dsecurity baselines assessments in Microsoft Defender Vulnerability Management

Show Suggested Answer

Suggested Answer: D

by Ivory at Sep 16, 2024, 10:04 PM

Limited Time Offer

25%

Off

Get Premium SC-100 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Arlen

20 days ago

Microsoft Defender Vulnerability Management is the way to go, baby! Security baselines all the way. I'm feeling pretty secure just thinking about it.

upvoted 0 times

...

Moira

22 days ago

D all the way! I mean, who wouldn't want to secure their devices with a good old-fashioned security baseline? It's like wrapping your Windows 11 in a cozy CIS-shaped blanket.

upvoted 0 times

Caren

10 days ago

D all the way! I mean, who wouldn't want to secure their devices with a good old-fashioned security baseline?

upvoted 0 times

...

Ben

12 days ago

B) Microsoft Secure Score for Devices in Defender for Endpoint

upvoted 0 times

...

Elenor

14 days ago

A) Authenticated scan for Windows in Microsoft Defender Vulnerability Management

upvoted 0 times

...

Tien

1 months ago

I'm going with D as well. The question is pretty clear about needing a solution to identify non-compliant devices, and that's exactly what security baselines assessments do.

upvoted 0 times

...

Terry

1 months ago

Definitely D. The other options are good, but they don't specifically address the need to identify non-compliant devices. Security baselines are the way to go.

upvoted 0 times

Donette

1 days ago

C) attack surface reduction (ASR) rules in Defender for Endpoint

upvoted 0 times

...

Candida

12 days ago

B) Microsoft Secure Score for Devices in Defender for Endpoint

upvoted 0 times

...

Rasheeda

21 days ago

A) Authenticated scan for Windows in Microsoft Defender Vulnerability Management

upvoted 0 times

...

Francine

1 months ago

Hmm, I think the answer is D. Security baselines assessments in Microsoft Defender Vulnerability Management can help identify devices that have been modified and no longer comply with the CIS benchmarks.

upvoted 0 times