Microsoft SC-200 Exam - Topic 4 Question 80 Discussion

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 1 and contains a macOS device named Device1.

You need to investigate a Defender for Endpoint agent alert on Device1. The solution must meet the following requirements:

* Identify all the active network connections on Device1.

* Identify all the running processes on Device1.

* Retrieve the login history of Device1.

* Minimize administrative effort.

What should you do first from the Microsoft Defender portal?

A) From Advanced features in Endpoints, disable Authenticated telemetry.
B) From Advanced features in Endpoints, enable Live Response unsigned script execution.
C) From Devices, click Collect investigation package for Device 1.
D) From Devices, initiate a live response session on Device1.


Actual exam question for Microsoft's SC-200 exam
Question #: 80
Topic #: 4

Suggested Answer: C

Carlee
6 months ago
Disabling authenticated telemetry seems unnecessary for this task.
upvoted 0 times
...
Claribel
6 months ago
Wait, can you really get all that info just from the portal?
upvoted 0 times
...
Mauricio
7 months ago
Definitely need to check the running processes first.
upvoted 0 times
...
Leontine
7 months ago
I think initiating a live response session is the best way to go!
upvoted 0 times
...
Stevie
7 months ago
You can collect the investigation package directly from Devices.
upvoted 0 times
...
Clarence
7 months ago
I practiced a similar question, and I think starting with the live response session is key. It allows us to interact with the device directly, which could save time.
upvoted 0 times
...
Stephane
8 months ago
I feel like enabling Live Response unsigned script execution could be important, but I can't recall if that's the first step we should take. It might help with the investigation.
upvoted 0 times
...
Alysa
8 months ago
I'm not entirely sure, but I remember something about collecting investigation packages. Could that be a way to gather the necessary information without too much hassle?
upvoted 0 times
...
Gwenn
8 months ago
I think we might need to initiate a live response session first to get real-time data from Device1. That seems like the most direct way to check active connections and processes.
upvoted 0 times
...
Luisa
8 months ago
This seems straightforward enough. I'm leaning towards option C, collecting the investigation package for Device1. That should give me all the details I need without having to mess around with any advanced features or live response sessions. Minimizing administrative effort is key, so I think that's the best choice.
upvoted 0 times
...
Tegan
8 months ago
Okay, let's think this through. The question is asking what I should do first from the Microsoft Defender portal, and the requirements include identifying network connections, running processes, and login history. I think option D, initiating a live response session, is the way to go here. That should give me the most comprehensive information to meet all the requirements.
upvoted 0 times
...
Malcolm
8 months ago
Hmm, I'm a bit unsure about this one. The requirements mention minimizing administrative effort, so I'm not sure if the live response session in option D is the best approach. I think I'll go with option C to collect the investigation package instead.
upvoted 0 times
...
Jeannetta
8 months ago
This looks like a pretty straightforward question. I'd go with option C to collect the investigation package for Device1 - that should give me all the information I need to identify the network connections, running processes, and login history.
upvoted 0 times
...
Rosendo
2 years ago
This question is like a choose-your-own-adventure book, but instead of going on a fun quest, we're trying to avoid getting our network hacked. Gotta love these security exams!
upvoted 0 times
...
Yuki
2 years ago
Whoa, hold up! Is this question asking us to disable authenticated telemetry? That's like disabling the seatbelts in your car just to save a few seconds. Not happening, my friend.
upvoted 0 times
Vanda
2 years ago
C) From Devices, click Collect investigation package for Device 1.
upvoted 0 times
...
Diego
2 years ago
B) From Advanced features in Endpoints, enable Live Response unsigned script execution.
upvoted 0 times
...
Cecilia
2 years ago
A) From Advanced features in Endpoints, disable Authenticated telemetry.
upvoted 0 times
...
...
Edelmira
2 years ago
Option B seems risky. Enabling unsigned script execution? That's just asking for trouble. I'd rather not introduce that kind of security vulnerability, even if it makes the investigation a bit easier.
upvoted 0 times
Lenora
2 years ago
Definitely, let's prioritize security and choose a safer option to investigate the alert on Device1.
upvoted 0 times
...
Anthony
2 years ago
I agree, security should always be a top priority. Maybe we should consider other options that don't compromise the system.
upvoted 0 times
...
Diego
2 years ago
Option B seems risky. Enabling unsigned script execution? That's just asking for trouble. I'd rather not introduce that kind of security vulnerability, even if it makes the investigation a bit easier.
upvoted 0 times
...
...
Leigha
2 years ago
I'd go with Option D and initiate a live response session. That way, you can interact with the device in real-time and get a more comprehensive look at what's going on.
upvoted 0 times
Kenia
2 years ago
I'd go with Option D and initiate a live response session. That way, you can interact with the device in real-time and get a more comprehensive look at what's going on.
upvoted 0 times
...
Tuyet
2 years ago
D) From Devices, initiate a live response session on Device1.
upvoted 0 times
...
Chan
2 years ago
C) From Devices, click Collect investigation package for Device 1.
upvoted 0 times
...
...
Dong
2 years ago
That's true, it would be more efficient and minimize administrative effort.
upvoted 0 times
...
Jess
2 years ago
But wouldn't initiating a live response session give us real-time access to investigate the alert on Device1?
upvoted 0 times
...
Martina
2 years ago
I'm not sure, maybe we should click Collect investigation package for Device 1 instead?
upvoted 0 times
...
Tiara
2 years ago
Option C looks like the way to go here. I mean, collecting an investigation package is the fastest way to get all that data, right? Plus, it's the least disruptive to the user.
upvoted 0 times
Lazaro
2 years ago
Yeah, I agree. Collecting the investigation package for Device 1 seems like the most efficient way to meet all the requirements without causing any disruption.
upvoted 0 times
...
Golda
2 years ago
Option C looks like the way to go here. I mean, collecting an investigation package is the fastest way to get all that data, right? Plus, it's the least disruptive to the user.
upvoted 0 times
...
...
Dong
2 years ago
I agree with Jess, initiating a live response session seems like the right first step.
upvoted 0 times
...
Jess
2 years ago
I think we should initiate a live response session on Device1 first.
upvoted 0 times
...
