SC-100 Question #232: Real Exam Question with Answer & Explanation

Question

You have a Microsoft 365 tenant that contains 5,000 users and 5,000 Windows 11 devices. All users are assigned Microsoft 365 E5 licenses and the Microsoft Defender Vulnerability Management add-on. The Windows 11 devices are managed by using Microsoft Intune and Microsoft Defender for Endpoint. The Windows 11 devices are configured during deployment to comply with Center for Internet Security (CIS) benchmarks for Windows 11. You need to recommend a compliance solution for the Windows 11 devices. The solution must identify devices that were modified and no longer comply with the CIS benchmarks. What should you include in the recommendation?

Options

• AAuthenticated scan for Windows in Microsoft Defender Vulnerability Management
• BMicrosoft Secure Score for Devices in Defender for Endpoint
• Cattack surface reduction (ASR) rules in Defender for Endpoint
• Dsecurity baselines assessments in Microsoft Defender Vulnerability Management

Explanation

Instead of running never-ending compliance scans, security baselines assessment helps you to continuously and effortlessly monitor your organization's security baselines compliance and identify changes in real time. A security baseline profile is a customized profile that you can create to assess and monitor endpoints in your organization against industry security benchmarks. When you create a security baseline profile, you're creating a template that consists of multiple device configuration settings and a base benchmark to compare against. Security baselines provide support for Center for Internet Security (CIS) benchmarks for Windows 10, Windows 11, and Windows Server 2008 R2 and above, as well as Security Technical Implementation Guides (STIG) benchmarks for Windows 10 and Windows Server 2019. https://learn.microsoft.com/en-us/defender-vulnerability-management/tvm-security-baselines

No community discussion yet for this question.