ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 1 question 55 discussion

Actual exam question from Microsoft's SC-200
Question #: 55
Topic #: 1
[All SC-200 Questions]

You have a Microsoft 365 E5 subscription that contains 100 Windows 10 devices.

You onboard the devices to Microsoft Defender 365.

You need to ensure that you can initiate remote shell connections to the onboarded devices from the Microsoft 365 Defender portal.

What should you do first?

  • A. Modify the permissions for Microsoft 365 Defender.
  • B. Create a device group.
  • C. From Advanced features in the Endpoints settings of the Microsoft 365 Defender portal, enable automated investigation.
  • D. Configure role-based access control (RBAC).
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by sand5234 at Oct. 3, 2023, 9:01 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kazaki
Highly Voted 1 year, 7 months ago
Selected Answer: C
C for Sure Enable live response from the advanced settings page. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide#before-you-begin
upvoted 12 times
g_man_rap
11 months, 3 weeks ago
exactly on your link write it clear, it is D: Live response commands Depending on the role that's been granted to you, you can run basic or advanced live response commands. User permissions are controlled by RBAC custom roles. For more information on role assignments, see Create and manage roles.
upvoted 3 times
OneplusOne
3 months ago
Note Only admins and users who have "Manage Portal Settings" permissions can enable live response. https://learn.microsoft.com/en-us/defender-endpoint/live-response?form=MG0AV3
upvoted 1 times
...
...
nsss
1 year, 6 months ago
That's not what option C says though.
upvoted 3 times
...
...
Porter5000
Highly Voted 1 year, 6 months ago
Selected Answer: D
D. Configure role-based access control (RBAC). RBAC allows you to define and manage roles and permissions for users, ensuring that only authorized individuals can perform specific actions, such as initiating remote shell connections. By configuring RBAC, you can grant the necessary permissions to the users who need to initiate remote shell connections to the devices. The other options are not directly related to the specific task of initiating remote shell connections: A. This option is broad and doesn't specify the necessary permissions for initiating remote shell connections. B. Create a device group: Creating one is not directly related to initiating remote shell connections. C. Enabling automated investigation is a useful feature, but it is not specifically related to initiating remote shell connections.
upvoted 6 times
Ramye
1 year, 5 months ago
The questions asked - You need to ensure that you can initiate remote shell connections. So how do you initiate something that is not enabled? I would like to find out. Thx
upvoted 2 times
Ramye
1 year, 5 months ago
Never mind - found the answer - It is D. Live Response Allows users with appropriate RBAC permissions to investigate devices that they are authorized to access, using a remote shell connection.
upvoted 2 times
Str4int
11 months ago
for me it's C. RBAC also need to be configured reagarding best practicies but first this advanced feature need to be activated. another example is, if the global admin is connectecd but the feature is not activated, he can't connect... so C need to be configured first in my opinion
upvoted 1 times
...
...
...
...
Kodoi
Most Recent 3 months, 3 weeks ago
Selected Answer: D
Execution of C also requires authorization. This is often forgotten.
upvoted 1 times
Kodoi
3 months, 3 weeks ago
Executing C also requires privileges. This is often forgotten.
upvoted 1 times
...
...
ExamSC200
5 months, 2 weeks ago
Selected Answer: D
its D and not C. Automated investigation relates to security incident handling and does not directly pertain to enabling remote shell connections.
upvoted 1 times
...
trut_hz
7 months ago
Selected Answer: C
To initiate remote shell connections to onboarded devices from the Microsoft 365 Defender portal, you need to enable Live Response. Live Response is part of the Automated investigation and remediation (AIR) capabilities in Microsoft Defender for Endpoint, which allows administrators to remotely run commands on devices.
upvoted 5 times
...
sunilpanda
8 months, 2 weeks ago
Selected Answer: C
initiating live response is not RBAC
upvoted 3 times
...
efb9f47
9 months ago
C. From Advanced features in the Endpoints settings of the Microsoft 365 Defender portal, enable automated investigation is the correct choice because enabling this feature allows you to use advanced capabilities such as remote shell connections. Once you've enabled this feature, you can then proceed to configure RBAC to ensure that the appropriate permissions are in place for the users who need to initiate remote shell connections.
upvoted 2 times
...
Nikki0222
9 months, 3 weeks ago
D correct
upvoted 2 times
...
user636
11 months, 3 weeks ago
Selected Answer: D
You enable Live response from the advanced settings & then you need to configure RBAC to use this feature. Ref: https://learn.microsoft.com/en-us/defender-endpoint/live-response?view=o365-worldwide#before-you-begin
upvoted 3 times
...
Sekpluz
1 year, 2 months ago
Selected Answer: D
C is no good, trick answer, supposed to be automatic REMEDIATION.. so then D is the Answer.
upvoted 3 times
...
Durden871
1 year, 4 months ago
ChatGPT No, initiating remote shell connections does not necessarily require automated investigations. Remote shell connections allow administrators to access a command-line interface on a remote device for troubleshooting, management, and other administrative tasks.
upvoted 1 times
...
Ramye
1 year, 6 months ago
Selected Answer: C
What comes first between enabling the service and assigning access? You need to have service first before you can assign access.
upvoted 1 times
Ramye
1 year, 5 months ago
Never mind - found the answer - It is D. Live Response Allows users with appropriate RBAC permissions to investigate devices that they are authorized to access, using a remote shell connection
upvoted 4 times
...
...
kazaki
1 year, 6 months ago
Selected Answer: C
For enabling the service first
upvoted 2 times
...
IvanCantero023
1 year, 6 months ago
Selected Answer: D
D is correct
upvoted 2 times
Ramye
1 year, 5 months ago
How? I would like to know. Thx
upvoted 1 times
Ramye
1 year, 5 months ago
Never mind - found the answer - It is D. Live Response Allows users with appropriate RBAC permissions to investigate devices that they are authorized to access, using a remote shell connection
upvoted 1 times
...
...
...
Pradeep064
1 year, 6 months ago
"What should you do first?" A live response becomes a viable option only if the user possesses the RBAC permission to investigate, making "D" the appropriate answer. D - Configure role based access control (RBAC)
upvoted 1 times
...
kazaki
1 year, 7 months ago
i dont know how you all say RBAC it is Purely https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide#before-you-begin Enable live response from the advanced settings page.
upvoted 2 times
Durden871
1 year, 4 months ago
From your link: Ensure that you have the appropriate permissions. Only users who have been provisioned with the appropriate permissions can initiate a session. For more information on role assignments, see Create and manage roles.
upvoted 1 times
...
...
chepeerick
1 year, 9 months ago
Option D for Roles
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel