ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 4 question 21 discussion

Actual exam question from Microsoft's SC-100
Question #: 21
Topic #: 4
[All SC-100 Questions]

DRAG DROP
-

Your company wants to optimize ransomware incident investigations.

You need to recommend a plan to investigate ransomware incidents based on the Microsoft Detection and Response Team (DART) approach.

Which three actions should you recommend performing in sequence in the plan? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Show Suggested Answer Hide Answer
Suggested Answer:
by Stubentiger at Jan. 9, 2023, 7:11 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Stubentiger
Highly Voted 1 year, 5 months ago
looks ok. https://learn.microsoft.com/en-us/security/compass/incident-response-playbook-dart-ransomware-approach
upvoted 16 times
...
cyber_sa
Highly Voted 9 months ago
got this in exam 6oct23. passed with 896 marks. I answered AS PER GIVEN ANSWER
upvoted 5 times
...
ServerBrain
Most Recent 10 months, 3 weeks ago
looks logical
upvoted 2 times
...
zellck
1 year, 1 month ago
1. Assess the current situation and identify the scope. 2. Identify which LOB apps are unavailable due to a ransomware incident. 3. Identify the compromise recovery process. https://learn.microsoft.com/en-us/security/operations/incident-response-playbook-dart-ransomware-approach#the-dart-approach-to-conducting-ransomware-incident-investigations The following are three key steps in DART ransomware investigations: 1. Assess the current situation 2. Identify the affected line-of-business (LOB) apps 3. Determine the compromise recovery (CR) process
upvoted 3 times
...
OCHT
1 year, 3 months ago
I prefer 4 , 1 , 3 also. Regarding the alternative sequence of 4, 1, and 2, while identifying the compromise recovery process is an important step, it may not be the most urgent or critical one, especially if the scope of the incident and the impacted LOB applications are not yet known. Therefore, it is more effective to prioritize identifying the scope and impacted LOB applications first, and then move on to identifying the compromise recovery process and implementing measures to reduce the risk of privileged access compromise. A comprehensive and proactive approach to cybersecurity is essential to prevent and mitigate the impact of cyber incidents. This includes adopting best practices and following established incident response procedures, continuously monitoring systems and networks for potential threats, and regularly reviewing and updating security policies and procedures to adapt to changing threats and circumstances
upvoted 1 times
...
Fal991l
1 year, 3 months ago
ChatGTP: The recommended plan to investigate ransomware incidents based on the Microsoft Detection and Response Team (DART) approach, in the correct sequence, is as follows: Assess the current situation and identify the scope: This step involves identifying which systems have been impacted and the extent of the damage caused by the ransomware attack. Identify which line-of-business (LOB) apps are unavailable due to a ransomware process: This step involves identifying which LOB apps are affected by the ransomware attack and determining the impact on business operations. Implement a comprehensive strategy to reduce the risk of privileged access compromise: This step involves implementing security best practices to prevent future ransomware attacks, such as limiting privileged access and enforcing multi-factor authentication.
upvoted 1 times
Fal991l
1 year, 3 months ago
n general, it's important to follow the incident response plan for your organization, which may include additional steps beyond those listed here. Therefore, the correct order of actions is 4, 1, and 3. Option 2 and 5 are not mentioned in the DART approach for ransomware incident investigation, so they are not included in the plan.
upvoted 1 times
xero180sx
1 year, 3 months ago
4, 1, 2 2 is listed in there. 1. Assess the current situation 2. Identify the affected line-of-business (LOB) apps 3. Determine the compromise recovery (CR) process https://learn.microsoft.com/en-us/security/operations/incident-response-playbook-dart-ransomware-approach
upvoted 1 times
...
...
...
Ajdlfasudfo0
1 year, 4 months ago
correct, https://learn.microsoft.com/en-us/security/compass/incident-response-playbook-dart-ransomware-approach#the-dart-approach-to-conducting-ransomware-incident-investigations
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel