ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 7 question 14 discussion

Actual exam question from Microsoft's SC-200
Question #: 14
Topic #: 7
[All SC-200 Questions]

You have a Microsoft 365 subscription that contains a user named User1 and two Windows devices named Device1 and Device2. Device1 and Device2 are onboarded to Microsoft Defender for Endpoint.

The following events occur.

• User1 signs in to Device1.
• Automatic attack disruption in Microsoft Defender XDR responds to an attack on Device1 and contains User1.
• User1 attempts to connect to Device2.

Which protocols will Device2 block when User1 attempts to connect to Device2?

  • A. RDP only
  • B. RPC only
  • C. SMB only
  • D. RDP and RPC only
  • E. SMB and RPC only
  • F. RDP, RPC, and SMB
Show Suggested Answer Hide Answer
Suggested Answer: F 🗳️
by CubicTeach at Jan. 5, 2025, 11:02 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Blasty
4 months ago
Selected Answer: F
When an identity is contained, any supported Microsoft Defender for Endpoint onboarded device will block incoming traffic in specific protocols related to attacks (network logons, RPC, SMB, RDP), terminate ongoing remote sessions and logoff existing RDP connections (terminating the session itself including all its related processes), while enabling legitimate traffic. https://learn.microsoft.com/en-us/defender-endpoint/respond-machine-alerts#contain-user-from-the-network
upvoted 3 times
...
trut_hz
5 months, 2 weeks ago
Selected Answer: F
When Automatic Attack Disruption in Microsoft Defender XDR contains a user due to an identified attack, it takes specific actions to isolate the user and prevent the spread of the attack. One of these actions is blocking specific protocols to limit lateral movement and access to other devices. For User1, attempting to connect to another device (Device2) after being contained will result in blocking access via the following protocols: RDP (Remote Desktop Protocol): Commonly used for remote management and often exploited in lateral movement attacks. RPC (Remote Procedure Call): Used for remote execution of tasks and communication between Windows systems; also a common target for attackers. SMB (Server Message Block): Facilitates file sharing and other operations between devices. Attackers frequently exploit SMB vulnerabilities for lateral movement and data exfiltration.
upvoted 3 times
...
CubicTeach
5 months, 3 weeks ago
Selected Answer: F
Not sure but from Copilot: F
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel