ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-200 All Questions

View all questions & answers for the SC-200 exam
Go to Exam

Exam SC-200 topic 6 question 25 discussion

Actual exam question from Microsoft's SC-200
Question #: 25
Topic #: 6
[All SC-200 Questions]

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.



You initiate a live response session on each device.

You need to collect a Defender for Endpoint investigation package from each device.

On which devices can you collect the package by running advanced live response commands from the command-line interface (CLI)?

  • A. Device1 and Device2 only
  • B. Device1, Device2, and Device3 only
  • C. Device3 and Device4 only
  • D. Device1, Device2, Device3, and Device4
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by chirva at Nov. 8, 2024, 10:25 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Onimole
3 months, 3 weeks ago
Selected Answer: C
Answer is device 3 and 4 collect ---> Collects forensics package from device. N (windows ) Y (linux) Y (mac) https://learn.microsoft.com/en-us/defender-endpoint/live-response
upvoted 4 times
Krayzr
1 month, 1 week ago
https://learn.microsoft.com/en-us/defender-endpoint/live-response#advanced-commands
upvoted 1 times
...
...
Itsmebigal
7 months ago
Selected Answer: C
Command Description Windows and Windows Server macOS Linux collect Collects forensics package from device. N Y Y https://learn.microsoft.com/en-us/defender-endpoint/live-response
upvoted 3 times
...
1375514
7 months ago
Selected Answer: C
https://learn.microsoft.com/en-us/defender-endpoint/live-response The Advanced Commands table states that Collect is only available on MacOS and Linux.
upvoted 3 times
...
cypkir
7 months, 1 week ago
Selected Answer: D
All of them! Source: https://learn.microsoft.com/en-us/defender-endpoint/live-response
upvoted 2 times
cypkir
7 months, 1 week ago
Changed my mind, it is C, I read further on the link I provided, we can connect to all of them but only Linux and Mac we can get forensic package data
upvoted 1 times
Onimole
3 months, 3 weeks ago
doesnt say forensic package data in the q
upvoted 1 times
...
...
...
Sophonk
7 months, 2 weeks ago
Selected Answer: D New GPT: Windows: Versions 10 and 11 (specifically, Version 1909 or later, and some earlier versions with specific updates) macOS: Intel-based and ARM-based devices running version 101.43.84 or later Linux: Supported server distributions and kernel versions Windows Server: 2012 R2, 2016, and 2019 (with specific updates)
upvoted 2 times
...
sapphire
7 months, 3 weeks ago
Selected Answer: C
Correct answer is C. You can collect from Linux and MacOS. Source: https://learn.microsoft.com/en-us/defender-endpoint/live-response
upvoted 4 times
...
chirva
7 months, 3 weeks ago
GPT: Windows Devices: Yes, you can collect a Defender for Endpoint investigation package from Windows devices using advanced live response commands. Linux Devices: No, as of the latest updates, collecting investigation packages using advanced live response commands is not supported on Linux devices. MacOS Devices: Yes, you can collect a Defender for Endpoint investigation package from MacOS devices using advanced live response commands. Therefore, you can collect the investigation package by running advanced live response commands from the CLI on Windows and MacOS devices, but not on Linux devices.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel