Exam MS-102 topic 1 question 125 discussion

C. Basic discovery https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide#discovery-methods

C esta correta.

B. device discovery exclusions Here's why: Standard discovery and basic discovery are both discovery methods that allow devices to poll the network for other devices. This is not what you want to prevent. A network assessment job is used to assess the security posture of your network. It doesn't directly address the issue of preventing onboarded devices from polling the network. Device discovery exclusions allow you to specify devices that should be excluded from network-wide device discovery. By excluding onboarded devices from this discovery method, you can prevent them from polling the network for other devices while still allowing them to discover devices with which they communicate directly.

"In the Device Discovery settings, select Basic Device Discovery mode. This mode restricts the devices from polling the network to discover other devices. Instead, it allows devices to discover only those with which they directly communicate." Explanation: Standard Discovery: This mode might allow for broader network polling which doesn’t meet the requirement of limiting discovery to direct communications only. Device Discovery Exclusions: These settings are typically used to exclude specific devices or IP ranges from being discovered but don't inherently restrict onboarded devices from polling the network for discovery. ChatGPT 4-o says C

I agree its C For further clarification read the FAQ https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-discovery-faq?view=o365-worldwide

To achieve the desired outcome of preventing onboarded devices from polling the network for device discovery while still allowing them to discover devices with which they communicate directly in the Microsoft 365 Defender portal, you should: B. Device discovery exclusions Explanation: By configuring device discovery exclusions, you can specify certain devices or ranges of IP addresses that should be excluded from the device discovery process. This allows you to prevent onboarded devices from indiscriminately polling the network for device discovery while still enabling them to discover devices with which they communicate directly. This approach provides a targeted solution to meet the specific requirements outlined in the scenario.

C is correct

I believe it's D. A basic or standard discovery will still scan for the entire network, the scan will just either be passive (less information, less network usage) or active (more information, more network usage). Please read the article below: https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/network-device-discovery-and-vulnerability-assessments/ba-p/2267548

AI says A: To prevent onboarded devices from polling the network for device discovery but still discover devices with which they communicate directly, you should configure the Standard discovery mode in the Microsoft Defender for Endpoint portal1. This mode allows endpoints to actively find devices in your network to enrich collected data and discover more devices - helping you build a reliable and coherent device inventory. In addition to devices that were observed using the passive method, standard mode also leverages common discovery protocols that use multicast queries in the network to find even more devices1. Summary: To prevent onboarded devices from polling the network for device discovery but still discover devices with which they communicate directly, you should configure the Standard discovery mode in the Microsoft Defender for Endpoint portal.

Standard discovery (recommended): This mode allows endpoints to actively find devices in your network to enrich collected data and discover more devices - helping you build a reliable and coherent device inventory. When Standard mode is enabled, minimal, and negligible network activity generated by the discovery sensor might be observed by network monitoring tools in your organization.

For me it is B. See here for reference: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-device-discovery?view=o365-worldwide#exclude-devices-from-being-actively-probed-in-standard-discovery

It could be D; A network assessment job

It's C https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide#discovery-methods

I believe the correct answer is B. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-discovery?view=o365-worldwide#discovery-methods