
Exam MS-500 topic 2 question 2 discussion

Actual exam question from Microsoft's MS-500
Question #: 2
Topic #: 2

HOTSPOT -
You have a Microsoft 365 subscription.
You configure Microsoft Defender for Endpoint as shown in the following table.

You onboard devices to Microsoft Defender for Endpoint as shown in the following table.

Microsoft Defender for Endpoint contains the incidents shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Suggested Answer:
Box 1: No -
File1.exe on Device1 has a verdict of Suspicious. Device1 is in Group1, and Group1 has the automation level Full - remediate threats automatically.
Note: Full automation (recommended) means remediation actions are taken automatically on artifacts determined to be malicious. A Suspicious verdict is not a Malicious verdict, so File1.exe is not remediated automatically even under full automation.

Box 2: Yes -
File2 on Device2 has a verdict of Malicious. Device2 is in Group2, and Group2 has the automation level Semi - require approval for core folders remediation.
Note: Semi-automation means some remediation actions are taken automatically, while other remediation actions wait for approval before they are taken.
With this level of semi-automation, approval is required for any remediation action on files or executables that are in core folders. Core folders include operating system directories, such as Windows (\windows\*).
Remediation actions can be taken automatically on files or executables that are in other (non-core) folders. File2 is not in a core folder, so it is remediated automatically.

Box 3: No -
File3 on Device3 has a verdict of Malicious. Device3 is in Group3, and Group3 has the automation level Semi - require approval for all folders. With this level, every remediation action on a file or executable waits for approval, regardless of the folder it is in, so File3 is not remediated automatically.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/automation-levels
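As an added example (written for this page, not Microsoft's code and not a Defender for Endpoint API), the following Python models the decision the suggested answer walks through: device-group automation level, plus the artifact's verdict, plus whether the file sits in a core folder, decides whether remediation is automatic or waits for approval. The core-folder check (first directory under the drive root is Windows), the treatment of a Suspicious verdict as waiting for an analyst, and the file paths are assumptions; the "No automated response" level is taken from the linked automation-levels page rather than from the question itself.

```python
# Added example: model of how a Defender for Endpoint device group's automation level
# decides whether an automated investigation remediates an artifact on its own.
# Illustrative code written for this page, not Microsoft code or any Defender API.
from enum import Enum
from pathlib import PureWindowsPath


class Level(Enum):
    # The three levels named in the question, plus "No automated response" from the
    # linked automation-levels doc.
    FULL = "Full - remediate threats automatically"
    SEMI_CORE = "Semi - require approval for core folders remediation"
    SEMI_ALL = "Semi - require approval for any remediation"
    NONE = "No automated response"


class Verdict(Enum):
    MALICIOUS = "Malicious"
    SUSPICIOUS = "Suspicious"
    NO_THREATS = "No threats found"


# Core folders per the linked doc: operating-system directories such as \Windows\*.
# Assumption: a path is "in a core folder" when its first directory under the drive
# root is one of these names (case-insensitive).
CORE_FOLDERS = frozenset({"windows"})


def is_core_folder(path: str) -> bool:
    """True if `path` lives under a core (operating-system) folder."""
    p = PureWindowsPath(path)
    parts = [part.lower() for part in p.parts]
    if p.anchor:  # drop 'C:\\' or '\\' so parts[0] is the top-level folder name
        parts = parts[1:]
    return bool(parts) and parts[0] in CORE_FOLDERS


def remediation(level: Level, verdict: Verdict, path: str) -> str:
    """Return 'automatic', 'pending_approval' or 'none' for one artifact."""
    if level is Level.NONE or verdict is Verdict.NO_THREATS:
        return "none"  # no investigation-driven remediation at all
    if verdict is not Verdict.MALICIOUS:
        # Only a Malicious verdict is remediated automatically; a Suspicious artifact
        # is left for an analyst (assumption: modelled here as pending approval).
        return "pending_approval"
    if level is Level.FULL:
        return "automatic"
    if level is Level.SEMI_ALL:
        return "pending_approval"
    if level is Level.SEMI_CORE:
        return "pending_approval" if is_core_folder(path) else "automatic"
    raise ValueError(f"unhandled level {level}")


# The three statements from the question. The question's tables are not reproduced on
# the page, so these paths are constructed: C:\Temp follows one commenter's reading for
# File2; the paths for File1 and File3 do not affect the outcome under their levels.
BOXES = {
    "Box 1": (Level.FULL, Verdict.SUSPICIOUS, r"C:\Users\Public\File1.exe"),
    "Box 2": (Level.SEMI_CORE, Verdict.MALICIOUS, r"C:\Temp\File2.exe"),
    "Box 3": (Level.SEMI_ALL, Verdict.MALICIOUS, r"C:\Temp\File3.exe"),
}


def box_answers() -> dict:
    """Yes/No per box: Yes only when the artifact is remediated automatically."""
    return {box: ("Yes" if remediation(*args) == "automatic" else "No")
            for box, args in BOXES.items()}


if __name__ == "__main__":
    answers = box_answers()
    for box, (level, verdict, path) in BOXES.items():
        print(f"{box}: {level.value} / {verdict.value} / {path} -> "
              f"{remediation(level, verdict, path)} -> {answers[box]}")
```

The same malicious file under the core-folder level flips from automatic to pending approval once it is placed under \Windows, which is the distinction the second box turns on; change the path in `BOXES` to see it.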

Comments

horseboxIRL
Highly Voted 2 years, 7 months ago
N Y N https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-auto-investigation?view=o365-worldwide#review-completed-actions Case 1: According to the doc - Full - remediate threats automatically: A verdict of Malicious is reached for a piece of evidence. This means the Suspicious file will not be auto-remediated. Case 2: The file will be AR as it falls outside of the core folders. Case 3: Approval for all folders.
upvoted 12 times
sarabjeet22
Most Recent 2 years ago
N N N https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/automation-levels?view=o365-worldwide
upvoted 2 times
tjitsen
2 years ago
N Y N Based on your same reference, my answer is N Y N It states that C:\Temp is not considered a core folder, so automatic remediation in this case. Reference: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/automation-levels?view=o365-worldwide
upvoted 2 times
ChachaChatra
2 years, 4 months ago
Valid on 28/01/23
upvoted 3 times
zik4
2 years, 5 months ago
Y-Y- N
upvoted 1 time
hans333
2 years, 6 months ago
YYN, @horseboxIRL, it also says: Appropriate remediation actions are taken automatically.
upvoted 1 time
tatdatpham
2 years, 7 months ago
I think the answer should be Y - Y - N
upvoted 2 times
billo79152718
2 years, 9 months ago
According to: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/automation-levels?view=o365-worldwide
upvoted 3 times
billo79152718
2 years, 9 months ago
Correct!
upvoted 2 times