Exam SC-200 topic 1 question 9 discussion

Setting the scene: There are 3 device groups. You want to take action on all devices. Meaning you want 1(One) Device group with all devices. --> A: So you create this custom group(AllDeviceTempGroup) and add a Tag filter(RansomIRTag) to group devices into this device group. You see that there are no devices in this group. Why? You have not tagged your devices yet. --> B: You add the tag, RansomIRTag, to all devices. You notice that your devices have not populated your new device group, AllDeviceTempGroup. Why? In the details of the question, you are informed that these devices already have a group. Which means if your group is not promoted to highest rank, then the devices will choose their original group instead. -->C: Promote AllDeviceTempGroup to highest rank.

Admin role is not required. Given answer:ACD is correct

A. Assign a tag to the device group. This allows you to easily identify and filter the devices within those groups for automated actions. You can target actions based on tags. C. Add a tag to the machines. This allows for granular control. Even within a device group, tagging specific machines lets you isolate and target only the ones you need for a particular action related to the ransomware investigation. D. Create a new device group that has a rank of 1. Device group ranking allows you to prioritize actions. A rank of 1 means this group will be targeted first, ensuring your automated actions are applied to the most critical devices (those with highly sensitive information) as quickly as possible

A. Assign a tag to the device group. This allows you to easily identify and filter the devices within those groups for automated actions. You can target actions based on tags. C. Add a tag to the machines. This allows for granular control. Even within a device group, tagging specific machines lets you isolate and target only the ones you need for a particular action related to the ransomware investigation. D. Create a new device group that has a rank of 1. Device group ranking allows you to prioritize actions. A rank of 1 means this group will be targeted first, ensuring your automated actions are applied to the most critical devices (those with highly sensitive information) as quickly as possible.

correct

https://www.drware.com/how-to-use-tagging-effectively-in-microsoft-defender-for-endpoint-part-1/

Thanks for the explanation. Probably i skipped some aspect while studying, i have this question, Assuming i have 100s of devices how can i tag all at once. I need to give RansomIRtag to 100 devices, will i start adding one by one?

Best answer

Best answer

ACD correct

ACD. No admin role is required in the scenario given (automated), and obviously the rank needs to be 1, not 4 for the group that contains the tagged devices.

Think given answer is correct, but not 100%. C: Tag all machines ( as requested ), to ensure they can be grouped temporarily. A: Add the tagged machines to the group to be able to perform automated actions on all. D: Ensure has rank of 1, so given tagged machines are added, in case of devices match other groups.

BDE https://docs.microsoft.com/en-us/learn/modules/deploy-microsoft-defender-for-endpoints-environment/6-configure-device-groups

As far as I can tell, you can't assign tag to a device group, only devices. And why would you need to assign tags to both devices and device groups? So I think the answer must be CDE.

Correct answer but reference is not so useful.