SC-200 Question #310: Real Exam Question with Answer & Explanation
The correct answer is A: From Devices, click Collect investigation package for Device1.
Question
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a macOS device named Device1. You need to investigate a Defender for Endpoint agent alert on Device1. The solution must meet the following requirements:
- Identify all the active network connections on Device1.
- Identify all the running processes on Device1.
- Retrieve the login history of Device1.
- Minimize administrative effort.
What should you do first from the Microsoft Defender portal?
Options
- A. From Devices, click Collect investigation package for Device1.
- B. From Advanced features in Endpoints, enable Live Response unsigned script execution.
- C. From Devices, initiate a live response session on Device1.
- D. From Advanced features in Endpoints, disable Authenticated telemetry.
Explanation
The investigation package collected by Defender for Endpoint includes all the required information (active network connections, running processes, and login history) and takes considerably less administrative effort than starting a live response session and collecting this information interactively. Reference: https://learn.microsoft.com/en-us/defender-endpoint/respond-machine-alerts?view=o365-worldwide#collect-investigation-package-from-devices