Exam SC-200 topic 4 question 11 discussion

Actual exam question from Microsoft's SC-200
Question #: 11
Topic #: 4

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices.

As part of an incident investigation, you identify the following suspected malware files:

• File1.sys
• File2.pdf
• File3.docx
• File4.xlsx

You need to create indicator hashes to block users from downloading the files to the devices.

Which files can you block by using the indicator hashes?

  • A. File1.sys only
  • B. File1.sys and File3.docx only
  • C. File1.sys, File3.docx, and File4.xlsx only
  • D. File2.pdf, File3.docx, and File4.xlsx only
  • E. File1.sys, File2.pdf, File3.docx, and File4.xlsx
Suggested Answer: E

Comments

liveup2it
Highly Voted 11 months ago
Selected Answer: E
Based on file hashes, you should be able to block each and every file with this hash, regardless of the name of the file.
upvoted 18 times
Tuitor01
5 months, 1 week ago
I second this...adding though that M$ doesn't recommend using hash based IOC since they can change in a blink of an eye but use App control instead (side note), so Answer E, undoubtedly since a hash is file name and extension agnostic.
upvoted 2 times
...
...
g_man_rap
Highly Voted 8 months, 2 weeks ago
Selected Answer: A
Key Points: Executable Files: Microsoft Defender for Endpoint can block executable files such as .exe, .dll, .sys, and other similar types. Non-Executable Files: Generally, Microsoft Defender for Endpoint does not allow blocking of non-executable files (e.g., .pdf, .docx, .xlsx) by file hash using the same indicator mechanism designed for executables.
upvoted 5 times
...
RonWonkers
Most Recent 3 months, 3 weeks ago
Selected Answer: E
You may get a hash for every file and block it.
upvoted 2 times
...
Avaris
3 months, 4 weeks ago
Selected Answer: E
I am gonna go with a whim and select E for one reason, I remember blocking all types of files including pdfs we block with hashes I think
upvoted 1 times
...
arturro007
4 months, 2 weeks ago
Selected Answer: E
Question is about hashes. You can add any hash to Defender and it will be blocked.
upvoted 1 times
...
1375514
5 months, 1 week ago
Selected Answer: A
https://learn.microsoft.com/en-us/defender-endpoint/indicator-file From Microsoft: "File indicators support portable executable (PE) files, including .exe and .dll files only." Only the .sys is a PE file, therefore it is the only file that can be blocked via file indicator.
upvoted 2 times
...
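An added example, not part of any comment and not Microsoft's tooling: a Python check that computes a file's SHA-256 from its content and decides from the header bytes, not the extension, whether the file is a PE image, the file type named in the documentation sentence quoted above. The sample bytes and the name `File1_renamed.txt` are constructed for illustration.

```python
import hashlib
import struct


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the file content; the file name is never an input."""
    return hashlib.sha256(data).hexdigest()


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew field
    (offset 0x3C) points at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields a short slice, so the comparison fails.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def pe_header_stub() -> bytes:
    """Constructed sample: header bytes only, not a loadable image."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + bytes(20)


# Constructed sample content keyed by the file names used in the question.
SAMPLES = {
    "File1.sys": pe_header_stub(),
    "File1_renamed.txt": pe_header_stub(),     # same bytes, different name
    "File2.pdf": b"%PDF-1.7\n% constructed sample\n",
    "File3.docx": b"PK\x03\x04" + bytes(26),   # OOXML files are ZIP containers
}


def triage(files: dict) -> dict:
    """Map name -> (sha256, is_pe), both derived from content alone."""
    return {name: (sha256_hex(blob), is_pe(blob)) for name, blob in files.items()}


if __name__ == "__main__":
    for name, (digest, pe) in triage(SAMPLES).items():
        print(f"{name:20} pe={pe!s:5} sha256={digest}")
```

The two entries with identical bytes get the same digest and the same PE verdict despite different names and extensions, while the PDF and DOCX samples are not PE images.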
talosDevbot
6 months, 3 weeks ago
Selected Answer: A
File indicators only support Portable Execution (PE) files like exe, dll, sys
upvoted 3 times
...
talosDevbot
7 months ago
File indicators only support Portable Execution (PE) files like exe, dll, sys
upvoted 2 times
...
b9cf0e5
7 months, 2 weeks ago
Answer is D: Blocking .sys files could affect system functionality, and thus Defender for Endpoint does not allow blocking system-critical files.
upvoted 2 times
...
smanzana
9 months ago
E https://learn.microsoft.com/en-us/defender-endpoint/indicator-file
upvoted 1 times
...
Rodwhite
9 months, 2 weeks ago
Selected Answer: E
I took the hash from (.pdf, sys, doc,) and each file and was able to upload successfully. Therefore, the answer is E.
upvoted 1 times
...
Hawklx
9 months, 3 weeks ago
Selected Answer: A
This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including .exe and .dll files. Ref: https://learn.microsoft.com/en-us/defender-endpoint/indicator-file
upvoted 5 times
shdwktn
9 months, 1 week ago
By this logic and the link you provided, .sys files are not even stated. Maybe I misunderstood.
upvoted 1 times
Syncure
8 months, 2 weeks ago
Portable Executable (PE) files include: .exe, .dll, .sys, .ocx, .cpl, .scr. The answer is A at the moment; I don't see Office 365 file support in the MD for Endpoint V2 in this feature.
upvoted 2 times
...
...
...
phoenix5
10 months, 1 week ago
Answer - C (.sys, .docx, .xlsx), as per this explanation by Copilot: You can create indicator hashes to block executable files with the following extensions: .exe, .dll, and .sys. Additionally, Office files like .docx and .xlsx can also be blocked using indicator hashes. However, PDF files cannot be blocked using indicator hashes in Microsoft Defender for Endpoint.
upvoted 3 times
...
ada26b1
10 months, 2 weeks ago
Selected Answer: E
Surely you can block all of them
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other