Exam SC-200 All Questions

Exam SC-200 topic 1 question 58 discussion

Actual exam question from Microsoft's SC-200
Question #: 58
Topic #: 1

You have a Microsoft 365 E5 subscription that contains 100 Linux devices. The devices are onboarded to Microsoft Defender 365.

You need to initiate the collection of investigation packages from the devices by using the Microsoft 365 Defender portal.

Which response action should you use?

  • A. Run antivirus scan
  • B. Initiate Automated Investigation
  • C. Collect investigation package
  • D. Initiate Live Response Session
Suggested Answer: C

Comments

ostralo
Highly Voted 1 year, 2 months ago
Collect investigation package works with Linux and MacOS - March.8.2024
upvoted 15 times
djcyber1
Highly Voted 1 year ago
Tested this on a Linux device and collect investigation package now works so would go for C in the exam now
upvoted 9 times
Nikki0222
Most Recent 6 months, 4 weeks ago
C correct
upvoted 1 times
ms600
7 months ago
Selected Answer: C
Collects a package of diagnostic information from the device, including logs and system information
upvoted 1 times
user636
8 months, 3 weeks ago
Selected Answer: C
Collect investigation package
upvoted 3 times
Avaris
11 months ago
Selected Answer: C
So I had an issue with SC-200 working with 3 generative AIs, but in regards to this question they all agreed it's C, so you gotta give them that.
upvoted 2 times
Avaris
12 months ago
Selected Answer: C
Ran it in Copilot and it's C. To initiate the collection of investigation packages from the Linux devices onboarded to Microsoft Defender for Endpoint, you should use: C. Collect investigation package: This action allows you to download an investigation package (ZIP file) containing relevant data and evidence related to the alert or incident. By selecting this option, you can gather the necessary information for further analysis and response.
upvoted 2 times
smosmo
1 year ago
Selected Answer: C
Obviously "Collect investigation package" is (now) supported on Linux/Mac, if we can believe the documentation here: https://learn.microsoft.com/en-us/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices
upvoted 2 times
ecasjo
1 year ago
I think now you can collect investigation package on Linux; it says here: https://learn.microsoft.com/en-us/defender-endpoint/respond-machine-alerts#collect-investigation-package-from-devices So if I see this question on the exam, I will go for C.
upvoted 1 times
Discuss4certi
1 year, 3 months ago
Selected Answer: D
I initially thought B. However, since it's not supported for Linux machines, it's live response. So option D!
upvoted 1 times
Vamshi_Krishna
1 year, 4 months ago
Selected Answer: D
D is correct. Initiate Live Response.
upvoted 3 times
MS_KoolaidMan
1 year, 4 months ago
Selected Answer: D
Linux VMs https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-worldwide#initiate-live-response-session
upvoted 1 times
brichardson14
1 year, 6 months ago
answer is correct https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-worldwide#initiate-live-response-session
upvoted 1 times
chepeerick
1 year, 6 months ago
Option D as it is Linux
upvoted 1 times
sand5234
1 year, 7 months ago
Answer is correct. You initiate the live response on Linux and run the "collect" command.
upvoted 4 times
ceejay12
1 year, 7 months ago
But there is an option to collect the investigation package from the device without initiating a live response session?
upvoted 1 times
ceejay12
1 year, 7 months ago
Apologies, answer is correct, the option is missing from Linux devices/servers.
upvoted 3 times
Community vote distribution: A (35%), C (25%), B (20%), Other