Exam SC-200 topic 1 question 27 discussion

The first answer is correct, but the second answer is wrong. The network assessment job has nothing to do with the question. It is a feature to scan networks and discover network devices for vulnerability management. The correct answer should be "Automation in Full mode", because it is the only correct answer since the last provided answer is to set Automation to "Not automated" which is not correct as per Microsoft docs on Live Response, check it out here "Ensure that the device has an Automation Remediation level assigned to it." https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide Ensure that the device has an Automation Remediation level assigned to it. You'll need to enable, at least, the minimum Remediation Level for a given Device Group. Otherwise you won't be able to establish a Live Response session to a member of that group.

1. Turn on Liv response 2. Create a device group that contains the devices and set Automation level to No automated response, because setting "no automated response" ensures that Defender for Endpoint will not automatically take any actions on devices, but users can still use Live Response. This adheres to the principle of least privilege, as users are not granted unnecessary automated control over devices.

Turn On Live response and full level

Turn on Live reponse and Full automation

in exam 9/20/23

Box 1: Turn on Live Response Fact: Live response requires Automated investigation to be turned on before you can enable it in the advanced settings section in the Microsoft Defender for Endpoint portal. - this also gives the answer to Box 2 Box 2: Create a device group that contains the devices and set Automation level to Full "With no automation, automated investigation doesn't run on your organization's devices." no automation = automated investigation is off, not on, and it needs to be on (Full Remediation) for Live Response to work.

The second answer is obviosuly wrong. Why isnt this page updated?

1. Turn On Live Response 2. Automation Level should be full. Ensure that the device has an Automation Remediation level assigned to it. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/live-response?source=recommendations&view=o365-worldwide

Second need to be full. Whole concept of REMEDIATION during live connect is based on Remediation assigned. If its off, then Live connect wont start.

The second answer should be the last one. It has to have a minimum Remediation level https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide

The second answer for the creation of a network assessment job is confusing. Could someone explain?