SC-200 Question #159: Real Exam Question with Answer & Explanation

The correct answer is A: Turn on EDR with block mode.. Option A is correct. EDR with block mode can be used with third-party AV. Option B is incorrect. The "Allow or block file" feature requires Defender AV. Option C is incorrect. Automated investigations do not block files. https://docs.microsoft.com/en-us/microsoft-365/security/def

Submitted by lars.no· Apr 18, 2026Manage threat mitigation using Microsoft Defender for Endpoint

Question

In advanced features, which setting must be turned on to obstruct files even if a 3rd party AV is used?

Options

ATurn on EDR with block mode.
BAutomated Investigation
CAllow or block file
DAll of the above

Explanation

Option A is correct. EDR with block mode can be used with third-party AV. Option B is incorrect. The "Allow or block file" feature requires Defender AV. Option C is incorrect. Automated investigations do not block files. https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender- antivirus-compatibility?view=o365-worldwide

Topics

#EDR block mode#Microsoft Defender for Endpoint#Third-party AV coexistence#Threat obstruction

Community Discussion

No community discussion yet for this question.

Full SC-200 Practice Browse All SC-200 Questions