
SC-100 · Question #162

SC-100 Question #162: Real Exam Question with Answer & Explanation

The correct answer is D: machine isolation.

Design security operations, identity, and compliance capabilities

Question

Your company wants to optimize using Microsoft Defender for Endpoint to protect its resources against ransomware based on Microsoft Security Best Practices. You need to prepare a post-breach response plan for compromised computers based on the Microsoft Detection and Response Team (DART) approach in Microsoft Security Best Practices. What should you include in the response plan?

Options

  • A. controlled folder access
  • B. application isolation
  • C. memory scanning
  • D. machine isolation
  • E. user isolation

Explanation

Correct answer: D

The Microsoft Detection and Response Team (DART) post-breach playbook for ransomware prioritizes machine isolation as the immediate response action for compromised computers. Isolating the machine cuts off its network connectivity to prevent the ransomware from spreading laterally to other systems, communicating with command-and-control (C2) infrastructure, or encrypting additional network shares, all while preserving forensic evidence on the machine. Microsoft Defender for Endpoint provides a one-click 'Isolate device' action directly in the portal.

Controlled folder access (A) is a preventive measure to protect folders from ransomware writes, not a post-breach containment action. Application isolation (B) and memory scanning (C) are not primary DART response steps. User isolation (E) involves revoking user credentials but does not stop an already-running ransomware process on a compromised machine.

Topics

#IncidentResponse #MicrosoftDefenderForEndpoint #Containment #Ransomware
