ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 5 question 5 discussion

Actual exam question from Microsoft's SC-200
Question #: 5
Topic #: 5
[All SC-200 Questions]

HOTSPOT -

You have a Microsoft 365 E5 subscription that uses Microsoft 365 Defender for Endpoint.

You need to ensure that you can initiate remote shell connections to Windows servers by using the Microsoft 365 Defender portal.

What should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Approach_Belgium_SA at March 6, 2024, 3:48 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kukuliquid
Highly Voted 1 year, 2 months ago
Wrong Answer. Answer is: 1. Live Response for server 2. Automation Level It is explained here: https://learn.microsoft.com/en-us/defender-endpoint/automation-levels "With no automation, automated investigation doesn't run on your organization's devices. As a result, no remediation actions are taken or pending as a result of automated investigation"
upvoted 22 times
Tuitor01
8 months, 2 weeks ago
Maybe I'm missing something, but what does Automation have anything to do with You need to ensure that you can initiate remote shell connections to Windows servers by using the Microsoft 365 Defender portal?
upvoted 1 times
Tuitor01
8 months ago
Ok I found why the answer is hat it is: API description Runs a sequence of live response commands on a device Limitations Rate limitations for this API are 10 calls per minute (additional requests are responded with HTTP 429). 25 concurrently running sessions (requests exceeding the throttling limit receives a "429 - Too many requests" response). If the machine isn't available, the session is queued for up to three days. RunScript command timeouts after 10 minutes. Live response commands can't be queued up and can only be executed one at a time. If the machine that you're trying to run this API call is in an RBAC device group that doesn't have an automated remediation level assigned to it, you need to at least enable the minimum Remediation Level for a given Device Group.
upvoted 5 times
...
...
talosDevbot
10 months ago
^^Agreed
upvoted 1 times
...
...
Approach_Belgium_SA
Highly Voted 1 year, 5 months ago
Live response for servers & device tag https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/respond-machine-alerts?view=o365-worldwide#initiate-live-response-session
upvoted 14 times
user636
11 months, 2 weeks ago
The answer is: Advanced feature: Live response for servers For the device group: The automation level.
upvoted 3 times
...
...
user636
Most Recent 11 months, 2 weeks ago
The answer is: Advanced feature: Live response for servers For the device group: The automation level. Another tricky question from Microsoft. They mentioned "Servers" plural in the question, so we have to assume that there will be a "Device group" containing all the servers. Hint: While creating a "device group" you must configure the "automation level".
upvoted 1 times
...
smanzana
1 year ago
1. Live Response for server 2. Automation Level
upvoted 3 times
...
twaller78
1 year ago
This is a very similar question to topic-1-question-27-discussion/ which gives different anwers! You pay good money for this site and around 50% of the answers are wrong. Live response and automation level should be the answer.
upvoted 1 times
...
Arnoud
1 year, 4 months ago
Live Response for Servers Devices require an Automation Remediation level (Semi or Full) https://www.egroup-us.com/microsoft-defender-for-endpoints-live-response/
upvoted 5 times
...
certinfra
1 year, 5 months ago
Live Response for Servers | The automation level (Not sure) Live Response for Servers > Allows users with Live Response privileges to connect remotely to servers (Windows Server or Linux devices) that they are authorized to access. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide I don't know if it's still required but it was: You'll need to enable, at least, the minimum Remediation Level for a given Device Group. Otherwise you won't be able to establish a Live Response session to a member of that group.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel