Exam SC-200 topic 1 question 62 discussion

Actual exam question from Microsoft's SC-200
Question #: 62
Topic #: 1

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.

You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.

Solution: You configure endpoint detection and response (EDR) in block mode.

Does this meet the goal?

  • A. Yes
  • B. No
Suggested Answer: A

Comments

sdbol
2 weeks ago
Selected Answer: A
https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-antivirus-compatibility#passive-mode-or-edr-in-block-mode

In passive mode, Microsoft Defender Antivirus isn't used as the antivirus app, and threats aren't remediated by Microsoft Defender Antivirus. However, Endpoint detection and response (EDR) in block mode can remediate threats. Files are scanned by EDR, and reports are provided for threat detections that are shared with the Defender for Endpoint service. You might see alerts showing Microsoft Defender Antivirus as a source, even when Microsoft Defender Antivirus is in passive mode.
upvoted 2 times
a_kto_to
1 month, 2 weeks ago
Selected Answer: A
ChetGTP: ✅ Yes, the solution meets the goal. 🛡️ Explanation: EDR in block mode allows Microsoft Defender for Endpoint to block and remediate threats, even when Microsoft Defender Antivirus is in passive mode. So, even though a third-party antivirus is the primary AV, EDR in block mode will:
  • Detect threats using Defender for Endpoint's telemetry.
  • Automatically block or remediate threats that the third-party AV missed.
  • Provide real-time protection against malicious artifacts.
upvoted 1 times
HAjouz
3 months ago
Selected Answer: B
B. No. EDR in block mode is a reactive measure. It acts after malicious activity is detected. The goal is to protect against malicious artifacts undetected by the third-party antivirus. EDR won't necessarily detect a file that the antivirus missed unless that file is executed and exhibits suspicious behavior. The scenario requires a proactive approach to find these undetected artifacts.
upvoted 1 times
61a7522
2 weeks, 5 days ago
EDR in block mode will detect activity related to the artifacts, such as suspicious file activity, etc. This works even if the 3rd-party antivirus + Defender do not initially flag the malicious artifact.
upvoted 1 times
Shingie
4 months, 4 weeks ago
Selected Answer: A
Answer: A. Yes. Configuring Endpoint Detection and Response (EDR) in block mode meets the goal. EDR in block mode allows Microsoft Defender for Endpoint to detect and remediate malicious artifacts even when Microsoft Defender Antivirus is in passive mode due to the presence of a third-party antivirus. This ensures that threats missed by the third-party antivirus can still be addressed by Microsoft Defender for Endpoint's advanced detection and response capabilities. Thus, enabling EDR in block mode effectively provides the required protection in this scenario.
upvoted 2 times