ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 5 question 1 discussion

Actual exam question from Microsoft's SC-100
Question #: 1
Topic #: 5
[All SC-100 Questions]

Your company wants to optimize using Microsoft Defender for Endpoint to protect its resources against ransomware based on Microsoft Security Best Practices.

You need to prepare a post-breach response plan for compromised computers based on the Microsoft Detection and Response Team (DART) approach in Microsoft Security Best Practices.

What should you include in the response plan?

  • A. controlled folder access
  • B. application isolation
  • C. memory scanning
  • D. machine isolation
  • E. user isolation
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by janesb at April 7, 2023, 2:40 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
cris_exam
8 months, 1 week ago
Selected Answer: D
I agree with D. Machine Isolation as per MS doc: "Isolate compromised systems from the network, but don't shut them off." https://learn.microsoft.com/en-us/security/operations/incident-response-playbook-dart-ransomware-approach#containment
upvoted 3 times
...
rishiraval007
12 months ago
D. Machine Isolation This is a crucial step in containing the breach. Isolating the compromised machines from the network prevents the spread of ransomware and other malicious activities. E. User Isolation Along with machine isolation, isolating user accounts that have been compromised is essential. This can prevent attackers from using compromised credentials to access other resources.
upvoted 2 times
...
cyber_sa
1 year ago
Selected Answer: D
got this in exam 6oct23. passed with 896 marks. I answered D
upvoted 3 times
...
zellck
1 year, 5 months ago
Selected Answer: D
D is the answer. https://learn.microsoft.com/en-us/security/operations/incident-response-playbook-dart-ransomware-approach#dart-recommendations-and-best-practices
upvoted 4 times
...
bmulvIT
1 year, 5 months ago
Selected Answer: B
https://learn.microsoft.com/en-us/security/operations/incident-response-playbook-dart-ransomware-approach "Isolate critical known good application servers,"
upvoted 1 times
stepman
1 year, 4 months ago
The question states, "post-breach response plan for compromised computers", and not referring to the post-breach response plan for the preservation of existing systems. The answer is D
upvoted 2 times
...
...
janesb
1 year, 6 months ago
Selected Answer: D
correct
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago