Exam SC-200 topic 6 question 29 discussion

Actual exam question from Microsoft's SC-200
Question #: 29
Topic #: 6

You have a Microsoft 365 E5 subscription that contains a device named Device1.

From the Microsoft Defender portal, you discover that an alert was triggered for Device1.

From the Device inventory page, you isolate Device1.

You need to collect a list of installed programs on Device1.

What should you do?

  • A. Run an advanced hunting query against the DeviceProcessEvents table.
  • B. Run an advanced hunting query against the DeviceTvmSoftwareInventory table.
  • C. Initiate an automated investigation and view the results in the Action center.
  • D. Initiate a live response session and run the processes command.
Suggested Answer: B 🗳️

Comments

Optimizor_IT
1 month ago
Selected Answer: B
AIR focuses on remediating threats (e.g., malware), not generating software inventories. It might incidentally list a malicious program, but it’s not designed to provide a full list of installed software. Initiating this requires more effort and doesn’t guarantee the desired output. The DeviceTvmSoftwareInventory table in Advanced Hunting is part of Microsoft Defender Threat and Vulnerability Management (TVM). It contains a detailed inventory of software installed on devices, including software name, version, publisher, and installation details.
upvoted 1 times
Blasty
2 months, 2 weeks ago
Selected Answer: B
The DeviceTvmSoftwareInventory table in the advanced hunting schema contains the Microsoft Defender Vulnerability Management inventory of software currently installed on devices in your network, including end of support information. You can, for instance, hunt for events involving devices that are installed with a currently vulnerable software version. Use this reference to construct queries that return information from the table. https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-devicetvmsoftwareinventory-table
upvoted 3 times
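
The advanced hunting query behind answer B, as an added example that is not part of the original question or of either comment above. It goes one step beyond the question by left-joining DeviceTvmSoftwareVulnerabilities to show known-CVE counts per installed program; the device name comes from the question, and matching it as a bare hostname or FQDN prefix is an assumption.

```kusto
// Added example: software inventory for one device, with known-CVE counts.
// Assumption: DeviceName holds either the bare hostname or the FQDN.
let TargetDevice = "device1";
DeviceTvmSoftwareInventory
| where DeviceName =~ TargetDevice
    or DeviceName startswith strcat(TargetDevice, ".")
| project DeviceId, DeviceName, SoftwareVendor, SoftwareName,
          SoftwareVersion, EndOfSupportStatus, EndOfSupportDate
// Left outer join keeps every installed program, including those with no known CVEs.
| join kind=leftouter (
    DeviceTvmSoftwareVulnerabilities
    | summarize KnownCves = dcount(CveId),
                CriticalCves = dcountif(CveId, VulnerabilitySeverityLevel == "Critical")
        by DeviceId, SoftwareVendor, SoftwareName, SoftwareVersion
  ) on DeviceId, SoftwareVendor, SoftwareName, SoftwareVersion
| project DeviceName, SoftwareVendor, SoftwareName, SoftwareVersion,
          EndOfSupportStatus, EndOfSupportDate,
          KnownCves = coalesce(KnownCves, 0),
          CriticalCves = coalesce(CriticalCves, 0)
| order by CriticalCves desc, KnownCves desc, SoftwareVendor asc, SoftwareName asc
```

Because the inventory is read from the Defender XDR service rather than from the endpoint, the query returns results while Device1 remains isolated.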