ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-101 All Questions

View all questions & answers for the MD-101 exam
Go to Exam

Exam MD-101 topic 4 question 38 discussion

Actual exam question from Microsoft's MD-101
Question #: 38
Topic #: 4
[All MD-101 Questions]

HOTSPOT -
You have 200 computers that run Windows 10. The computers are joined to Microsoft Azure Active Directory (Azure AD) and enrolled in Microsoft Intune.
You need to configure an Intune device configuration profile to meet the following requirements:
✑ Prevent Microsoft Office applications from launching child processes.
✑ Block users from transferring files over FTP.
Which two settings should you configure in Endpoint protection? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Microsoft Defender Firewall
Block users from transferring files over FTP.
Microsoft Defender Firewall settings include MdmStore/Global/DisableStatefulFtp, which could be used to disable stateful FTP.
Box 2: Microsoft Defender Exploit Guard
Prevent Microsoft Office applications from launching child processes.
Attack surface reduction rules in the Microsoft Defender.
These rules include: Block all Office applications from creating child processes
Note: Attack surface reduction rule merge behavior is as follows:
Attack surface reduction rules from the following profiles are evaluated for each device the rules apply to:
Devices > Configuration policy > Endpoint protection profile > *Microsoft Defender Exploit Guard* > Attack Surface Reduction
Endpoint security > Attack surface reduction policy > Attack surface reduction rules
Endpoint security > Security baselines > Microsoft Defender for Endpoint Baseline > Attack Surface Reduction Rules.
Reference:
https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10
by Moumouh07 at Sept. 29, 2021, 7:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Moumouh07
Highly Voted 3 years, 9 months ago
Correct
upvoted 9 times
...
Amir1909
Most Recent 1 year, 5 months ago
Correct
upvoted 1 times
...
[Removed]
3 years, 3 months ago
Yes, Exploit Guard. The required setting is under "Attack surface reduction". I just checked that.
upvoted 4 times
RodrigoT
3 years, 2 months ago
You're right my friend. I tested too in my tenant. And here is the link: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-all-office-applications-from-creating-child-processes
upvoted 5 times
RodrigoT
3 years, 2 months ago
I just don't understand why the picture is repeating items. The correct list is: Microsoft Defender Application Guard Microsoft Defender Firewall <------------ Microsoft Defender SmartScreen Windows Encryption Microsoft Defender Exploit Guard <-------- Microsoft Defender Application Control Microsoft Defender Credential Guard Microsoft Defender Security Center Local device security options Xbox services User Rights
upvoted 5 times
...
...
...
Soufien1030
3 years, 6 months ago
I will go with prevent M Office Apps from launching processes: Windows Defender Exploit Guard https://www.microsoft.com/security/blog/2017/10/23/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/ Block users transfering files over FTP: Microsoft Defender Firewall https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-windows-10
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel