Exam SC-200 topic 6 question 34 discussion

Actual exam question from Microsoft's SC-200
Question #: 34
Topic #: 6

DRAG DROP

You have an on-premises Windows 11 Pro device named Device1 that is onboarded to Microsoft Defender for Endpoint.

You have a Microsoft 365 subscription.

You need to identify the processes running on Device1 and which network connections the processes have open. The solution must minimize administrative effort.

Which four actions should you perform in the Microsoft Defender portal in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Suggested Answer:

Comments

d9b53a0
4 days, 10 hours ago
The correct order is:
1. Navigate to the device page for Device1
2. Select View Map.
3. From the Action center, invoke an action.
4. Initiate a live response session.
upvoted 1 times
...
rkrau
1 week, 5 days ago
I go with:
1. Navigate to the device page for Device1
2. Initiate a live response session
3. Collect an investigation package
4. Extract the contents of the ZIP file
upvoted 1 times
...
a_kto_to
2 weeks ago
1. Navigate to the device page for Device1
2. Collect an investigation package
3. From the Action center, invoke an action
4. Extract the contents of the ZIP file
Here is the link: https://learn.microsoft.com/en-us/defender-endpoint/respond-machine-alerts
upvoted 2 times
...
Optimizor_IT
2 weeks, 1 day ago
1. Navigate to the device page for Device1
2. Initiate a live response session
3. From the Action center, invoke an action (run ps and net)
4. Collect an investigation package (optional, for records, though not needed for live data)
upvoted 1 times
...
54c341a
1 month, 2 weeks ago
The first step as initiate live response session doesn't make sense. Initiating a live response session does nothing without then running commands. None of them really fit but the closest I think would be 'From the Action centre, invoke an action', with the action being collect an investigation package.
1. Navigate to the device page for Device1
2. From the Action center, invoke an action
3. Collect an investigation package
4. Extract the contents of the ZIP file
upvoted 1 times
...
Charles_2002
1 month, 3 weeks ago
Navigate to Endpoints > Device inventory and select a device to investigate. The devices page opens first. https://learn.microsoft.com/en-us/defender-endpoint/live-response
upvoted 1 times
Optimizor_IT
2 weeks, 1 day ago
And your answer to the question is?
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other