Microsoft Exam SC-200 Topic 4 Question 80 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 80
Topic #: 4

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 1 and contains a macOS device named Device1.

You need to investigate a Defender for Endpoint agent alert on Device1. The solution must meet the following requirements:

* Identify all the active network connections on Device1.

* Identify all the running processes on Device1.

* Retrieve the login history of Device1.

* Minimize administrative effort.

What should you do first from the Microsoft Defender portal?

Suggested Answer: C

Contribute your Thoughts:

Rosendo
2 months ago
This question is like a choose-your-own-adventure book, but instead of going on a fun quest, we're trying to avoid getting our network hacked. Gotta love these security exams!
upvoted 0 times
...
Yuki
2 months ago
Whoa, hold up! Is this question asking us to disable authenticated telemetry? That's like disabling the seatbelts in your car just to save a few seconds. Not happening, my friend.
upvoted 0 times
Vanda
1 month ago
C) From Devices, click Collect investigation package for Device 1.
upvoted 0 times
...
Diego
1 month ago
B) From Advanced features in Endpoints, enable Live Response unsigned script execution.
upvoted 0 times
...
Cecilia
1 month ago
A) From Advanced features in Endpoints, disable Authenticated telemetry.
upvoted 0 times
...
...
Edelmira
2 months ago
Option B seems risky. Enabling unsigned script execution? That's just asking for trouble. I'd rather not introduce that kind of security vulnerability, even if it makes the investigation a bit easier.
upvoted 0 times
Lenora
1 month ago
Definitely, let's prioritize security and choose a safer option to investigate the alert on Device1.
upvoted 0 times
...
Anthony
2 months ago
I agree, security should always be a top priority. Maybe we should consider other options that don't compromise the system.
upvoted 0 times
...
Diego
2 months ago
Option B seems risky. Enabling unsigned script execution? That's just asking for trouble. I'd rather not introduce that kind of security vulnerability, even if it makes the investigation a bit easier.
upvoted 0 times
...
...
Leigha
2 months ago
I'd go with Option D and initiate a live response session. That way, you can interact with the device in real-time and get a more comprehensive look at what's going on.
upvoted 0 times
Kenia
1 month ago
I'd go with Option D and initiate a live response session. That way, you can interact with the device in real-time and get a more comprehensive look at what's going on.
upvoted 0 times
...
Tuyet
1 month ago
D) From Devices, initiate a live response session on Device1.
upvoted 0 times
...
Chan
2 months ago
C) From Devices, click Collect investigation package for Device 1.
upvoted 0 times
...
...
Dong
2 months ago
That's true, it would be more efficient and minimize administrative effort.
upvoted 0 times
...
Jess
3 months ago
But wouldn't initiating a live response session give us real-time access to investigate the alert on Device1?
upvoted 0 times
...
Martina
3 months ago
I'm not sure, maybe we should click Collect investigation package for Device 1 instead?
upvoted 0 times
...
Tiara
3 months ago
Option C looks like the way to go here. I mean, collecting an investigation package is the fastest way to get all that data, right? Plus, it's the least disruptive to the user.
upvoted 0 times
Lazaro
3 months ago
Yeah, I agree. Collecting the investigation package for Device 1 seems like the most efficient way to meet all the requirements without causing any disruption.
upvoted 0 times
...
Golda
3 months ago
Option C looks like the way to go here. I mean, collecting an investigation package is the fastest way to get all that data, right? Plus, it's the least disruptive to the user.
upvoted 0 times
...
...
Dong
3 months ago
I agree with Jess, initiating a live response session seems like the right first step.
upvoted 0 times
...
Jess
3 months ago
I think we should initiate a live response session on Device1 first.
upvoted 0 times
...
