
Microsoft SC-200 Exam - Topic 4 Question 80 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 80
Topic #: 4

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 1 and contains a macOS device named Device1.

You need to investigate a Defender for Endpoint agent alert on Device1. The solution must meet the following requirements:

* Identify all the active network connections on Device1.

* Identify all the running processes on Device1.

* Retrieve the login history of Device1.

* Minimize administrative effort.

What should you do first from the Microsoft Defender portal?

Suggested Answer: C

Carlee
3 months ago
Disabling authenticated telemetry seems unnecessary for this task.
upvoted 0 times
...
Claribel
3 months ago
Wait, can you really get all that info just from the portal?
upvoted 0 times
...
Mauricio
3 months ago
Definitely need to check the running processes first.
upvoted 0 times
...
Leontine
4 months ago
I think initiating a live response session is the best way to go!
upvoted 0 times
...
Stevie
4 months ago
You can collect the investigation package directly from Devices.
upvoted 0 times
...
Clarence
4 months ago
I practiced a similar question, and I think starting with the live response session is key. It allows us to interact with the device directly, which could save time.
upvoted 0 times
...
Stephane
4 months ago
I feel like enabling Live Response unsigned script execution could be important, but I can't recall if that's the first step we should take. It might help with the investigation.
upvoted 0 times
...
Alysa
4 months ago
I'm not entirely sure, but I remember something about collecting investigation packages. Could that be a way to gather the necessary information without too much hassle?
upvoted 0 times
...
Gwenn
5 months ago
I think we might need to initiate a live response session first to get real-time data from Device1. That seems like the most direct way to check active connections and processes.
upvoted 0 times
...
Luisa
5 months ago
This seems straightforward enough. I'm leaning towards option C, collecting the investigation package for Device1. That should give me all the details I need without having to mess around with any advanced features or live response sessions. Minimizing administrative effort is key, so I think that's the best choice.
upvoted 0 times
...
Tegan
5 months ago
Okay, let's think this through. The question is asking what I should do first from the Microsoft Defender portal, and the requirements include identifying network connections, running processes, and login history. I think option D, initiating a live response session, is the way to go here. That should give me the most comprehensive information to meet all the requirements.
upvoted 0 times
...
Malcolm
5 months ago
Hmm, I'm a bit unsure about this one. The requirements mention minimizing administrative effort, so I'm not sure if the live response session in option D is the best approach. I think I'll go with option C to collect the investigation package instead.
upvoted 0 times
...
Jeannetta
5 months ago
This looks like a pretty straightforward question. I'd go with option C to collect the investigation package for Device1 - that should give me all the information I need to identify the network connections, running processes, and login history.
upvoted 0 times
...
Rosendo
1 year ago
This question is like a choose-your-own-adventure book, but instead of going on a fun quest, we're trying to avoid getting our network hacked. Gotta love these security exams!
upvoted 0 times
...
Yuki
1 year ago
Whoa, hold up! Is this question asking us to disable authenticated telemetry? That's like disabling the seatbelts in your car just to save a few seconds. Not happening, my friend.
upvoted 0 times
Vanda
1 year ago
C) From Devices, click Collect investigation package for Device 1.
upvoted 0 times
...
Diego
1 year ago
B) From Advanced features in Endpoints, enable Live Response unsigned script execution.
upvoted 0 times
...
Cecilia
1 year ago
A) From Advanced features in Endpoints, disable Authenticated telemetry.
upvoted 0 times
...
...
Edelmira
1 year ago
Option B seems risky. Enabling unsigned script execution? That's just asking for trouble. I'd rather not introduce that kind of security vulnerability, even if it makes the investigation a bit easier.
upvoted 0 times
Lenora
1 year ago
Definitely, let's prioritize security and choose a safer option to investigate the alert on Device1.
upvoted 0 times
...
Anthony
1 year ago
I agree, security should always be a top priority. Maybe we should consider other options that don't compromise the system.
upvoted 0 times
...
Diego
1 year ago
Option B seems risky. Enabling unsigned script execution? That's just asking for trouble. I'd rather not introduce that kind of security vulnerability, even if it makes the investigation a bit easier.
upvoted 0 times
...
...
Leigha
1 year ago
I'd go with Option D and initiate a live response session. That way, you can interact with the device in real-time and get a more comprehensive look at what's going on.
upvoted 0 times
Kenia
1 year ago
I'd go with Option D and initiate a live response session. That way, you can interact with the device in real-time and get a more comprehensive look at what's going on.
upvoted 0 times
...
Tuyet
1 year ago
D) From Devices, initiate a live response session on Device1.
upvoted 0 times
...
Chan
1 year ago
C) From Devices, click Collect investigation package for Device 1.
upvoted 0 times
...
...
Dong
1 year ago
That's true, it would be more efficient and minimize administrative effort.
upvoted 0 times
...
Jess
1 year ago
But wouldn't initiating a live response session give us real-time access to investigate the alert on Device1?
upvoted 0 times
...
Martina
1 year ago
I'm not sure, maybe we should click Collect investigation package for Device 1 instead?
upvoted 0 times
...
Tiara
1 year ago
Option C looks like the way to go here. I mean, collecting an investigation package is the fastest way to get all that data, right? Plus, it's the least disruptive to the user.
upvoted 0 times
Lazaro
1 year ago
Yeah, I agree. Collecting the investigation package for Device 1 seems like the most efficient way to meet all the requirements without causing any disruption.
upvoted 0 times
...
Golda
1 year ago
Option C looks like the way to go here. I mean, collecting an investigation package is the fastest way to get all that data, right? Plus, it's the least disruptive to the user.
upvoted 0 times
...
...
Dong
1 year ago
I agree with Jess, initiating a live response session seems like the right first step.
upvoted 0 times
...
Jess
2 years ago
I think we should initiate a live response session on Device1 first.
upvoted 0 times
...
