ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 1 question 66 discussion

Actual exam question from Microsoft's SC-200
Question #: 66
Topic #: 1
[All SC-200 Questions]

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have a Microsoft 365 subscription.

You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.

All Windows devices are onboarded to Microsoft Defender for Endpoint.

You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.

Solution: You enable Live Response.

Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Edindude at Feb. 8, 2025, 3:26 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
a_kto_to
2 months, 1 week ago
Selected Answer: B
ChatGTP: B. No ⚠️ Explanation: Live Response is a feature in Microsoft Defender for Endpoint that allows administrators to interact with and respond to security incidents by performing actions on devices remotely (e.g., investigating alerts, killing processes, or quarantining files). However: Live Response is not designed to prevent or block threats proactively. It is used for investigation and response after an incident is detected. It does not provide real-time protection from malicious artifacts that are undetected by the third-party antivirus product. For proactive protection from undetected threats, you should enable EDR in block mode, which allows Microsoft Defender for Endpoint to automatically block and remediate threats (even when Defender Antivirus is in passive mode).
upvoted 1 times
...
df34ec7
3 months, 3 weeks ago
Selected Answer: B
Live Response in Microsoft Defender for Endpoint (MDE) is a tool used for investigating and remediating threats manually through an interactive remote shell. However, it does not automatically block or remediate threats missed by the third-party antivirus. To ensure protection from undetected threats, you need to enable EDR in Block Mode, which allows Defender for Endpoint to automatically block and remediate threats, even when Microsoft Defender Antivirus is in passive mode.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel