Exam SC-200 topic 5 question 12 discussion

Actual exam question from Microsoft's SC-200
Question #: 12
Topic #: 5

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices.

You plan to create a Microsoft Defender XDR custom deception rule.

You need to ensure that the rule will be applied to only 10 specific devices.

What should you do first?

  • A. Add custom lures to the rule.
  • B. Add the IP address of each device to the list of decoy accounts and hosts of the rule.
  • C. Add the devices to a group.
  • D. Assign a tag to the devices.
Suggested Answer: D

Comments

don_binak
Highly Voted 1 year ago
Selected Answer: D
Identify the devices where you intend to plant the lures in the scope section. You can select to plant lures in all Windows client devices or in clients with specific tags. The deception feature currently covers Windows clients. https://learn.microsoft.com/en-us/defender-xdr/configure-deception
upvoted 6 times
...
Optimizor_IT
Most Recent 2 months, 1 week ago
Selected Answer: D
First, tag the 10 devices (e.g., Security.microsoft.com > Devices > select 10 devices > Manage tags > “DeceptionTargets”). Then, create the deception rule and scope it to “Devices with specific tags,” selecting “DeceptionTargets.”
upvoted 1 times
...
HAjouz
6 months ago
Selected Answer: D
You're right to question that! While device groups are generally useful for managing devices in Defender for Endpoint, they are not the primary way to target specific devices for custom deception rules.
upvoted 1 times
...
sapphire
7 months ago
Selected Answer: D
Correct answer >> Microsoft Defender >> Rules Management > Apply a tag in Choose which actions to apply to this rule.
upvoted 1 times
...
g_man_rap
9 months, 4 weeks ago
ChatGpt4 answer: Option C: Add the devices to a group. Correct. In Microsoft 365 and Defender for Endpoint, devices are often managed in groups (known as device groups or device collections). By adding the specific devices to a group, you can then configure the rule to apply only to that group. This ensures that the rule is only applied to the 10 devices you intend to target. Option D: Assign a tag to the devices. Incorrect. Assigning a tag to devices can help with organization and management within Microsoft Defender for Endpoint, but it doesn’t directly control rule application. Tags are useful for filtering and reporting but not for determining rule scope.
upvoted 1 times
...
Rodwhite
11 months ago
Selected Answer: D
With Deception rules scope you only get the option of (1) All Windows Client devices or (2) Devices with specific Tags. Therefore, "D".
upvoted 1 times
...
Sekpluz
12 months ago
Selected Answer: D
It's (D) first [tag 10 devices], and then when you create the rule, you choose the lure (A), and then you choose the decoys (the 10 devices you tagged). https://learn.microsoft.com/en-us/defender-xdr/configure-deception
upvoted 2 times
...
rsanx42
1 year ago
Selected Answer: A
A: Add custom lures to the rule "In the rule creation pane, add a rule name, description, and select what lure types to create. You can select both" https://learn.microsoft.com/en-us/defender-xdr/configure-deception
upvoted 3 times
Kurt_Junior
9 months, 2 weeks ago
In the provided link, in step 3 you set the Scope (Devices with specific Tags). In step 8 you can add Custom Lures. So I vote for D.
upvoted 1 times
...
...
laddu001
1 year ago
Add the devices to a group.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other