ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 4 question 11 discussion

Actual exam question from Microsoft's SC-200
Question #: 11
Topic #: 4
[All SC-200 Questions]

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices.

As part of an incident investigation, you identify the following suspected malware files:

• sys
• pdf
• docx
• xlsx

You need to create indicator hashes to block users from downloading the files to the devices.

Which files can you block by using the indicator hashes?

  • A. File1.sys only
  • B. File1.sys and File3.docx only
  • C. File1.sys, File3.docx, and File4.xlsx only
  • D. File2.pdf, File3.docx, and File4.xlsx only
  • E. File1.sys, File2.pdf, File3.docx, and File4.xlsx
Show Suggested Answer Hide Answer
Suggested Answer: E 🗳️
by liveup2it at June 4, 2024, 2:36 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
liveup2it
Highly Voted 1 year, 1 month ago
Selected Answer: E
Based on File hashes, you should be able to block each and every file with this hash, regardless the name of the file.
upvoted 19 times
Krayzr
2 months, 1 week ago
Are There Limitations? Could there be restrictions based on file type or extension? In some security contexts, blocking might focus on execution (e.g., for .exe or .sys) rather than file access. However, Microsoft Defender for Endpoint’s "Block and remediate" action is designed to prevent file operations broadly—reading, writing, or executing—based on hash matches. Documentation and practical use cases confirm that this applies to all file types, including documents like .pdf, .docx, and .xlsx, not just executables. There’s no indication in Plan 2 that certain file extensions are excluded from hash-based blocking.
upvoted 1 times
Krayzr
2 months ago
However, given this straight forward link. It should be A: https://learn.microsoft.com/en-us/defender-endpoint/indicator-file#windows-prerequisites
upvoted 1 times
...
...
Tuitor01
8 months, 1 week ago
I second this...adding though that M$ doesn't recommend using hash based IOC since they can change in a blink of an eye but use App control instead (side note), so Answer E, undoubtedly since a hash is file name and extension agnostic.
upvoted 2 times
...
...
Hawklx
Highly Voted 1 year ago
Selected Answer: A
This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including .exe and .dll files. Ref: https://learn.microsoft.com/en-us/defender-endpoint/indicator-file
upvoted 7 times
shdwktn
1 year ago
by this logic and the link you provided. .sys files are not even stated. Maybe I misunderstood
upvoted 1 times
Syncure
11 months, 3 weeks ago
Portable Executable(PE) include: .exe .dll .sys .ocx .cpl .scr The answer es A at the moment, I don't see Office 365 files supports in the MD for Endpoint V2 in this feature
upvoted 2 times
...
...
...
Feredi
Most Recent 2 months ago
Selected Answer: A
According to Microsoft Defender for Endpoint documentation, you can block files based on hash only if they are executable. This typically includes: .exe, .dll, .sys, .msi, .scr, .drv, .com
upvoted 3 times
Krayzr
2 months ago
https://learn.microsoft.com/en-us/defender-endpoint/indicator-file#windows-prerequisites
upvoted 1 times
...
...
QzLP2P
2 months, 2 weeks ago
Selected Answer: C
You cannot block pdf https://learn.microsoft.com/en-us/defender-endpoint/indicator-ip-domain?view=o365-worldwide#limitations
upvoted 1 times
...
RonWonkers
6 months, 4 weeks ago
Selected Answer: E
You make get a hash for every file and block it.
upvoted 2 times
...
Avaris
7 months ago
Selected Answer: E
I am gonna go with a whim and select E for one reason, I remember blocking all types of files including pdfs we block with hashes I think
upvoted 1 times
...
arturro007
7 months, 3 weeks ago
Selected Answer: E
Question is about hashes. You can add any hash to Defender and it will be blocked.
upvoted 1 times
...
1375514
8 months, 1 week ago
Selected Answer: A
https://learn.microsoft.com/en-us/defender-endpoint/indicator-file From Microsoft: "File indicators support portable executable (PE) files, including .exe and .dll files only." Only the .sys is a PE file, therefore it is the only file that can be blocked via file indicator.
upvoted 3 times
Krayzr
2 months ago
https://learn.microsoft.com/en-us/defender-endpoint/indicator-file#windows-prerequisites
upvoted 1 times
...
...
talosDevbot
9 months, 3 weeks ago
Selected Answer: A
File indicators only support Portable Execution (PE) files like exe, dll, sys
upvoted 4 times
...
talosDevbot
10 months ago
File indicators only support Portable Execution (PE) files like exe, dll, sys
upvoted 2 times
...
b9cf0e5
10 months, 3 weeks ago
Answer is D: Blocking .sys files could affect system functionality, and thus Defender for Endpoint does not allow blocking system-critical files.
upvoted 2 times
...
g_man_rap
11 months, 2 weeks ago
Selected Answer: A
Key Points: Executable Files: Microsoft Defender for Endpoint can block executable files such as .exe, .dll, .sys, and other similar types. Non-Executable Files: Generally, Microsoft Defender for Endpoint does not allow blocking of non-executable files (e.g., .pdf, .docx, .xlsx) by file hash using the same indicator mechanism designed for executables.
upvoted 6 times
Krayzr
2 months ago
https://learn.microsoft.com/en-us/defender-endpoint/indicator-file#windows-prerequisites
upvoted 1 times
...
...
smanzana
1 year ago
E https://learn.microsoft.com/en-us/defender-endpoint/indicator-file
upvoted 1 times
...
Rodwhite
1 year ago
Selected Answer: E
I took the hash from (.pdf, sys, doc,) and each file and was able to upload successfully. Therefore, the answer is E.
upvoted 1 times
...
phoenix5
1 year, 1 month ago
Answer - C (.sys , .docx, .xlsx as per this explanation by Copilot - You can create indicator hashes to block executable files with the following extensions: .exe, .dll, and .sys. Additionally, Office files like .docx and .xlsx can also be blocked using indicator hashes. However, PDF files cannot be blocked using indicator hashes in Microsoft Defender for Endpoint1.
upvoted 3 times
...
ada26b1
1 year, 1 month ago
Selected Answer: E
Surely you can block all of them
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel