Exam MS-102 topic 1 question 370 discussion

Actual exam question from Microsoft's MS-102
Question #: 370
Topic #: 1

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint and Microsoft Intune.

All devices run Windows 11 and are Microsoft Entra joined.

You are alerted to a zero-day attack.

You need to identify which devices were affected by the attack and send a request to Intune administrators to update the affected devices.

Which two actions should you perform in the Microsoft Defender portal? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. From Threat analytics, view the list of vulnerable devices.
  • B. From Incidents & alerts, select the latest incident.
  • C. From Vulnerability management, open the security recommendation.
  • D. Select the affected devices and request remediation.
Suggested Answer: AD

Comments

makonmakon
Highly Voted 2 months, 2 weeks ago
Selected Answer: AD
A. From Threat analytics, view the list of vulnerable devices. Go to Microsoft Defender portal. Navigate to Threat hunting > Advanced hunting. Run a Kusto Query Language (KQL) query to identify affected devices based on indicators of compromise (IOCs), suspicious processes, or exploit activity.
D. Select the affected devices and request remediation. For example, by tagging devices and notifying Intune Administrators.
upvoted 5 times
004b54b
2 weeks, 6 days ago
I agree, as Threat Analytics permits viewing impacted assets (see screenshot in link provided). https://learn.microsoft.com/en-us/defender-xdr/threat-analytics#overview-quickly-understand-the-threat-assess-its-impact-and-review-defenses
upvoted 1 times
fabiomartinsnet
3 weeks, 4 days ago
A: it shows vulnerable incidents, not the affected...
B: is better to identify affected devices.
C: it's partially relevant... B is better.
D: it's relevant to the second goal: send notification to Intune admins to update devices.
I'd answer B/D.
upvoted 1 times
sVn01
1 month, 2 weeks ago
I agree
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other