You receive a security bulletin about a potential attack that uses an image file. You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack. Which indicator type should you use?
A.
a URL/domain indicator that has Action set to Alert only
B.
a URL/domain indicator that has Action set to Alert and block
C.
a file hash indicator that has Action set to Alert and block
D.
a certificate indicator that has Action set to Alert and block
The correct answer it seems like, as steps for to Create an indicator for files from the settings page
1. In the navigation pane, select Settings > Endpoints > Indicators (under Rules).
2. Select the File hashes tab.
3. Select Add indicator.
4. Specify the following details:
5. Indicator - Specify the entity details and define the expiration of the indicator.
* Action - Specify the action to be taken and provide a description.
* Scope - Define the scope of the device group.
* Review the details in the Summary tab, then select Save.
This section is not available anymore. Please use the main Exam Page.SC-200 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
HSBNZ
Highly Voted 8 months, 2 weeks agoTx4free
Highly Voted 3 years, 3 months agoNikki0222
Most Recent 7 months, 2 weeks agoMakawai
1 year, 7 months agochepeerick
1 year, 7 months agokamun1st
2 years, 5 months ago