SC-200 Question #313: Real Exam Question with Answer & Explanation
The correct answer is E: File1.sys, File2.pdf, File3.docx, and File4.xlsx.
Question
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices. As part of an incident investigation, you identify the following suspected malware files:
- File1.sys
- File2.pdf
- File3.docx
- File4.xlsx
You need to create indicator hashes to block users from downloading the files to the devices. Which files can you block by using the indicator hashes?
Options
- A. File1.sys only
- B. File1.sys and File3.docx only
- C. File1.sys, File3.docx, and File4.xlsx only
- D. File2.pdf, File3.docx, and File4.xlsx only
- E. File1.sys, File2.pdf, File3.docx, and File4.xlsx
Explanation
Microsoft Defender for Endpoint's file indicator feature works on cryptographic file hashes (MD5, SHA-1, or SHA-256) and is not restricted by file extension. Any file, whether a system driver (.sys), a document (.pdf, .docx), or a spreadsheet (.xlsx), can have an indicator hash created to block it from being downloaded or executed on onboarded devices. The hash uniquely identifies the file's content, not its extension, so renaming a file does not change whether the indicator matches. Therefore, all four files (File1.sys, File2.pdf, File3.docx, and File4.xlsx) can be blocked using indicator hashes.