Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
SC-200: Mitigate threats using Microsoft Defender for Endpoint Microsoft Quiz Answers
Get SC-200: Mitigate threats using Microsoft Defender for Endpoint Microsoft Quiz Answers
Implement the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.
This learning path helps prepare you for Exam SC-200: Microsoft Security Operations Analyst.
Prerequisites:
- Basic understanding of Microsoft 365
- Intermediate understanding of Windows 10 devices
- Understanding of Microsoft Defender like you could learn from learning path SC-200: Mitigate threats using Microsoft Defender
Module 1: Protect against threats with Microsoft Defender for Endpoint
Learn how Microsoft Defender for Endpoint can help your organization stay secure.
Learning objectives:
In this module, you will learn how to:
- Define the capabilities of Microsoft Defender for Endpoint.
- Understand how to hunt threats within your network.
- Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
Prerequisites:
- Intermediate understanding of Microsoft 365
This module is part of these learning paths:
- Defend against threats with Microsoft 365
- MS-500 part 2 – Implement and manage threat protection
- SC-200: Mitigate threats using Microsoft Defender for Endpoint
Quiz 1: Summary and knowledge check
Q1. What is required to deploy Microsoft Defender for Endpoint to Windows devices in your organization?
- Subscription to the Microsoft Defender for Endpoint online service.
- No action is required. Microsoft Defender for Endpoint is included in the Windows 10 operating system.
- License for Microsoft Intune.
Q2. Which of the following choices describes threat hunting using Microsoft Defender for Endpoint?
- You can proactively inspect events in your network using a powerful search and query tool.
- Detecting and blocking apps that are considered unsafe but may not be detected as malware.
- Reduce vulnerabilities (attack surfaces) in your applications with intelligent rules that help stop malware.
Q3. Which of the following is not a component of Microsoft Defender for Endpoint?
- Next generation protection
- Endpoint detection and response
- Cloud device management
Module 2: Deploy the Microsoft Defender for Endpoint environment
Learn how to deploy the Microsoft Defender for Endpoint environment, including onboarding devices and configuring security.
Learning objectives:
Upon completion of this module, the learner will be able to:
- Create a Microsoft Defender for Endpoint environment
- Onboard devices to be monitored by Microsoft Defender for Endpoint
- Configure Microsoft Defender for Endpoint environment settings
Prerequisites:
Basic understanding of Microsoft 365.
This module is part of these learning paths:
- MS-500 part 2 – Implement and manage threat protection
- SC-200: Mitigate threats using Microsoft Defender for Endpoint
Quiz 1: Knowledge check
Q1. The default data retention period in Microsoft 365 Defender for Endpoint is?
- One month
- Six months
- Three months
Q2. Which of the following options is a valid Microsoft 365 Defender for Endpoint onboarding option for Windows 10 devices?
- Group policy
- Microsoft Store
- General install package
Q3. Which security permission allows the configuration of storage settings?
- Manage security settings in Security Center
- Manage portal system settings
- Advanced commands
Module 3: Implement Windows security enhancements with Microsoft Defender for Endpoint
Microsoft Defender for Endpoint gives you various tools to eliminate risks by reducing the surface area for attacks without blocking user productivity. Learn about Attack Surface Reduction (ASR) with Microsoft Defender for Endpoint.
Learning objectives:
Upon completion of this module, the learner will be able to:
- Explain Attack Surface Reduction in Windows
- Enable Attack Surface Reduction rules on Windows 10 devices
- Configure Attack Surface Reduction rules on Windows 10 devices
Prerequisites:
Intermediate understanding of Windows 10.
This module is part of these learning paths:
Quiz 1: Knowledge check
Q1. Which solution is used to control the applications that must earn trust to be run?
- Exploit protection
- Controlled folder access
- Application control
Q2. Which option below is an attack surface reduction rule that can be configured?
- Block PowerShell from executing
- Block process creations originating from PSExec and WMI commands
- Block content from mobile devices
Q3. Which of the following items is a deployment option?
- PowerShell
- ASRConfig.exe
- Microsoft Deployment System
Module 4: Perform device investigations in Microsoft Defender for Endpoint
Microsoft Defender for Endpoint provides detailed device information, including forensics information. Learn about information available to you through Microsoft Defender for Endpoint that will aid in your investigations.
Learning objectives:
Upon completion of this module, the learner will be able to:
- Use the device page in Microsoft Defender for Endpoint
- Describe device forensics information collected by Microsoft Defender for Endpoint
- Describe behavioral blocking by Microsoft Defender for Endpoint
Prerequisites:
Intermediate understanding of Windows 10.
This module is part of these learning paths:
Quiz 1: Knowledge check
Q1. The security operations analyst has found an interesting event, what should be done to mark it for further review?
- Tag
- Highlight
- Flag
Q2. Which Behavioral blocking can be used with third-party antivirus?
- Client behavior blocking.
- EDR in block mode
- Feedback-loop blocking
Q3. A Windows 10 Device doesn’t appear in the device list, what could be the problem?
- The Device was renamed.
- The Device is missing the latest KBs
- The Device hasn’t had alerts in the past 30 days.
Module 5: Perform actions on a device using Microsoft Defender for Endpoint
Learn how Microsoft Defender for Endpoint provides the remote capability to contain devices and collect forensics data.
Learning objectives:
Upon completion of this module, the learner will be able to:
- Perform actions on a device using Microsoft Defender for Endpoint
- Conduct forensics data collection using Microsoft Defender for Endpoint
- Access devices remotely using Microsoft Defender for Endpoint
Prerequisites:
Intermediate understanding of Windows 10.
This module is part of these learning paths:
Quiz 1: Knowledge check
Q1. Which type of information is collected in an Investigation package?
- Command History
- Prefetch Files
- Network transactions
Q2. Which of the actions below is a Device action?
- Reboot
- Reformat device
- Isolate device
Module 6: Perform evidence and entities investigations using Microsoft Defender for Endpoint
Learn about the artifacts in your environment and how they relate to other artifacts and alerts that will provide you insight to understand the overall impact to your environment.
Learning objectives:
Upon completion of this module, the learner will be able to:
- Investigate files in Microsoft Defender for Endpoint
- Investigate domains and IP addresses in Microsoft Defender for Endpoint
- Investigate user accounts in Microsoft Defender for Endpoint
Prerequisites:
Intermediate understanding of Windows 10.
This module is part of these learning paths:
Quiz 1: Knowledge check
Q1. Which of the following artifact types has an investigation page?
- Domain
- Hunter
- Threat Actor
Q2. What information is provided by a deep file analysis?
- Command history
- Registry Modifications
- Code change history
Q3. Which information is provided on the user account page?
- Associated alerts
- Security groups
- Threat hunt ID
Module 7: Configure and manage automation using Microsoft Defender for Endpoint
Learn how to configure automation in Microsoft Defender for Endpoint by managing environmental settings.
Learning objectives:
Upon completion of this module, the learner will be able to:
- Configure advanced features of Microsoft Defender for Endpoint
- Manage automation settings in Microsoft Defender for Endpoint
Prerequisites:
Intermediate understanding of Windows 10.
This module is part of these learning paths:
Quiz 1: Knowledge check
Q1. Which is a valid remediation level?
- Semi – require approval for any remediation
- Semi – user accounts only
- Semi – files only
Q2. A security operations analyst needs to exclude a custom executable file c:\myapp\myapp.exe, which exclusion type should they use?
- File
- Extension
- Folder
Q3. In advanced features, which setting should be turned on to block files even if a third-party antivirus is used?
- Enable EDR in block mode
- Allow or block file
- Automated Investigation
Module 8: Configure for alerts and detections in Microsoft Defender for Endpoint
Learn how to configure settings to manage alerts and notifications. You’ll also learn to enable indicators as part of the detection process.
Learning objectives:
After completion of this module, you’ll be able to:
- Configure alert settings in Microsoft Defender for Endpoint
- Manage indicators in Microsoft Defender for Endpoint
Prerequisites:
Intermediate understanding of Windows 10.
This module is part of these learning paths:
Quiz 1: Knowledge check
Q1. Which file type can be used to upload Indicators?
- JSON
- XML
- CSV
Q2. Which type is an accepted indicator type?
- Certificates
- Email subject line
- Code data
Q3. Which filter is included as part of an Alert notification rule?
- Alert Severity
- Account
- Subject IDs
Module 9: Utilize Vulnerability Management in Microsoft Defender for Endpoint
Learn about your environment’s weaknesses by using Vulnerability Management in Microsoft Defender for Endpoint.
Learning objectives:
Upon completion of this module, the learner will be able to:
- Describe Vulnerability Management in Microsoft Defender for Endpoint
- Identify vulnerabilities on your devices with Microsoft Defender for Endpoint
- Track emerging threats in Microsoft Defender for Endpoint
Prerequisites:
Intermediate understanding of Windows 10.
This module is part of these learning paths:
Quiz 1: Knowledge check
Q1. In the Vulnerable Devices Report, which graphs show each device counted only once based on the highest level of known exploit?
- Vulnerability age graphs
- Exploit availability graphs
- Severity level graphs
Q2. Which report lists the software vulnerabilities your devices are exposed to by listing the Common Vulnerabilities and Exposures (CVE) ID?
- Event Timeline
- Weakness
- Software Inventory
Q3. Which report or dashboard provides a list of the most recently published threat reports?
- Vulnerable devices report
- Threat protection
- Threat Analytics
Conclusion:
I hope this SC-200: Mitigate threats using Microsoft Defender for Endpoint Microsoft Quiz Answers would be useful for you to learn something new from this problem. If it helped you then don’t forget to bookmark our site for more Coding Solutions.
This Problem is intended for audiences of all experiences who are interested in learning about Data Science in a business context; there are no prerequisites.
Keep Learning!
More Coding Solutions >>
