ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 18 discussion

Actual exam question from Microsoft's MS-102
Question #: 18
Topic #: 1
[All MS-102 Questions]

HOTSPOT -
You have an Azure AD tenant that contains the users shown in the following table.

Your company uses Microsoft Defender for Endpoint. Microsoft Defender for Endpoint contains the roles shown in the following table.

Microsoft Defender for Endpoint contains the device groups shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Greatone1 at Aug. 27, 2023, 6:02 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Nilz76
Highly Voted 1 year, 7 months ago
Here are my thoughts. No, No, Yes Q: User 1 can run an antivirus scan on device 2. A: No. User 1 belongs to Group 1 and has the permission to "View data, alerts investigations" under role 1. Running an antivirus scan would typically require additional permissions which are not listed here for User 1. Q: User 2 can collect an investigation package from device 2. A: No. User 2 belongs to Group 2 and has the permission to "View data" under role 2. Collecting an investigation package would likely require additional permissions which are not listed for User 2. Q: User 3 can isolate device 2. A: Yes. User 3 belongs to Group 3 and has the role of Microsoft Defender for Endpoint Administrator which includes permissions to "View data, alerts investigations, active remediations, manage security settings." These permissions encompass the ability to take actions such as isolating a device.
upvoted 38 times
sigvast
1 year, 6 months ago
Correct. Collect an investigation package require at least "Alerts Investigation" permission.
upvoted 6 times
...
...
Greatone1
Highly Voted 1 year, 8 months ago
Answer is correct https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection
upvoted 7 times
...
maxonius
Most Recent 1 month ago
No, No, No Q1: No User1 is in Group1, which has no access to Device2. Q2: No. User2 is in Group2, which has access to Device2, but Role2 has no permission collecting an investigation packages. Q3: No. User3 is in Group3, which has full Defender admin permissions, but Group3 does not have access to Device1.
upvoted 1 times
...
Jalonso
1 month, 2 weeks ago
No,No,No Esto significa que aunque User3 tenga el rol más alto con todos los permisos, si su grupo (Group3) no tiene acceso al grupo de dispositivos donde está Device1 (ATP1), no podrá actuar sobre ese dispositivo.
upvoted 1 times
...
Jalonso
1 month, 2 weeks ago
Esto significa que aunque User3 tenga el rol más alto con todos los permisos, si su grupo (Group3) no tiene acceso al grupo de dispositivos donde está Device1 (ATP1), no podrá actuar sobre ese dispositivo.
upvoted 1 times
...
MR_Eliot
7 months, 2 weeks ago
Given answers are correct. https://learn.microsoft.com/en-us/defender-endpoint/user-roles#permission-options
upvoted 1 times
...
Charard
1 year, 3 months ago
Given answer is correct.
upvoted 1 times
...
m2L
1 year, 4 months ago
1) No: Even if alerts Investigation allows users to run a scan as explained in the link below, Device2 is not in user1's Scope. Otherwise, he cannot run a scan on Device 2. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/user-roles?view=o365-worldwide 2) No N)Yes
upvoted 5 times
...
mhmyz
1 year, 8 months ago
No,No,No Box3: User3 can Remediation Action but, Group3 do not assinged ATP1. https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection
upvoted 4 times
...
hogehogehoge
1 year, 8 months ago
Box3: No? Because Defferent Group In User and Device.
upvoted 2 times
rinzler1
1 year, 8 months ago
User3 is in default Admin group, has access to everything related to Endpoints
upvoted 11 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago