Exam SC-200 topic 4 question 12 discussion

Actual exam question from Microsoft's SC-200
Question #: 12
Topic #: 4

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains a user named User1 and a Microsoft 365 group named Group1. All users are assigned a Defender for Endpoint Plan 1 license.

You enable Microsoft Defender XDR Unified role-based access control (RBAC) for Endpoints & Vulnerability Management.

You need to ensure that User1 can configure alerts that will send email notifications to Group1. The solution must follow the principle of least privilege.

Which permissions should you assign to User1?

  • A. Defender Vulnerability Management - Remediation handling
  • B. Alerts investigation
  • C. Live response capabilities: Basic
  • D. Manage security settings
Suggested Answer: D

Comments

liveup2it
Highly Voted 11 months, 2 weeks ago
Selected Answer: D
You can configure Microsoft Defender XDR to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity. If you're using Defender for Business, you can set up email notifications for specific users (not roles or groups). Note: Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications. Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2. https://learn.microsoft.com/en-us/defender-xdr/configure-email-notifications
upvoted 11 times
sergioandreslq
7 months, 2 weeks ago
The link supports the answer being D. "Only users with 'Manage security settings' permissions can configure email notifications."
upvoted 1 times
xrxss
Most Recent 7 months ago
Answer is for sure D based on https://learn.microsoft.com/en-us/defender-endpoint/user-roles
upvoted 2 times
Syncure
9 months, 1 week ago
Selected Answer: B
It's B. Manage Alerts can be done by the following Roles: Security operations \ Security data \ Security data basics (read); Security operations \ Security data \ Alerts (manage). https://learn.microsoft.com/en-us/defender-xdr/compare-rbac-roles
upvoted 1 times
Syncure
9 months, 1 week ago
Miss me above, it's B - Alerts investigation, that role is the only one that has alert(manage) comparing with the rest of the alternatives
upvoted 1 times
smosmo
10 months ago
Selected Answer: D
Manage security settings in Security Center - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, manage email notifications, manage evaluation lab, and manage allowed/blocked lists for indicators
upvoted 1 times
Hawklx
10 months, 2 weeks ago
Selected Answer: D
Based on docs
upvoted 1 times
Sekpluz
11 months, 1 week ago
Selected Answer: D
It's D 100%
upvoted 2 times
laddu001
11 months, 1 week ago
Manage Security settings
upvoted 2 times
rsanx42
11 months, 3 weeks ago
Selected Answer: B
Correct answer is B. Alerts Investigation "Alerts investigation - Security operations \ Security data \ Alerts (manage)" https://learn.microsoft.com/en-us/defender-xdr/compare-rbac-roles
upvoted 4 times
madscientist23
11 months, 3 weeks ago
Selected Answer: B
B is correct
upvoted 1 times