Exam CIS-SIR topic 1 question 84 discussion

Actual exam question from ServiceNow's CIS-SIR
Question #: 84
Topic #: 1
Select all of the following which are key features of Microsoft Defender for Endpoint. (Choose three.)

  • A. Perform host enrichment actions to gather more information about the endpoint, which includes host details, logged-in users, and observable related machines details.
  • B. Find indicators of compromise (IoC) and enrich security incidents with threat intelligence data.
  • C. Perform Enterprise Security Search to sight potential malicious observables across endpoints, and take remediation actions.
  • D. Perform response actions such as Isolate host, Remove isolation, Restrict app execution, Run antivirus scan, Remove app restriction, and Stop and quarantine file.
Suggested Answer: ABD

Comments

NokoNice
1 day, 18 hours ago
Selected Answer: ACD
Key features: Microsoft Defender for Endpoint has the following key features:
- Perform Enterprise Security Search to sight potential malicious observables across endpoints, and take remediation actions.
- Perform response actions such as Isolate host, Remove isolation, Restrict app execution, Run antivirus scan, Remove app restriction, and Stop and quarantine file.
- Create or update indicators.
- Perform observable enrichment and retrieve data related to indicators.
https://www.servicenow.com/docs/bundle/xanadu-security-management/page/product/secops-integration-sir/secops-integration-ms-defender-endpoint/concept/microsoft-defender-for-endpoint-integration.html
upvoted 1 times
Zbtinjo
5 months, 3 weeks ago
ACD is the correct answer (refer to eBook page # 160).
upvoted 1 times
sephereth
11 months, 2 weeks ago
Selected Answer: ABD
Explanation: ebook p.159, Microsoft Defender for Endpoint:
- Enables you to proactively inspect, analyze, and contain known and unknown threats (A)
- Helps Security Analysts efficiently investigate and remediate security incidents without having to navigate between tools
- Requests to isolate any machine from accessing the networks or remove the machines from isolation (D)
- Enables you to perform actions that include Run Antivirus Scan, Restrict App Execution, Remove App Restrictions, Stop and Quarantine Files
- Provides indicator-related actions such as Enrich Observable, Create Indicators, and Update Indicators (B)
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other