MS-102 Question #378: Real Exam Question with Answer & Explanation
The correct answer is A: From Threat analytics, view the list of vulnerable devices. To identify devices affected by a zero-day attack and request remediation, use Threat analytics to view vulnerable devices and then initiate remediation requests through the Defender portal.
Question
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint and Microsoft Intune. All devices run Windows 11 and are Microsoft Entra joined. You are alerted to a zero-day attack. You need to identify which devices were affected by the attack and send a request to Intune administrators to update the affected devices. Which two actions should you perform in the Microsoft Defender portal? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Options
- A. From Threat analytics, view the list of vulnerable devices.
- B. From Incidents & alerts, select the latest incident.
- C. From Vulnerability management, open the security recommendation.
- D. Select the affected devices and request remediation.
Explanation
To identify devices affected by a zero-day attack and request remediation, use Threat analytics to view vulnerable devices and then initiate remediation requests through the Defender portal.
Common mistakes.
- B. While incidents provide alerts, Threat analytics offers a more consolidated and comprehensive view of the overall impact and affected devices for an organizational threat campaign like a zero-day attack.
- C. Vulnerability management focuses on proactively identifying and addressing software and configuration weaknesses rather than reactively identifying devices actively impacted by a specific zero-day attack.
Concept tested. Identifying affected devices and initiating remediation for zero-day threats