Obstruct Files with Advanced Features | Microsoft Security Operations Analyst Exam SC-200

Question

In advanced features, which setting must be turned on to obstruct files even if a third-party AV is used?

Answers

Explanations

A. B. C. D.

Correct Answer: A.

Option A is correct.

EDR with block mode can be used with a third-party AV.

Option B is incorrect.

The “Allow or block file” feature requires Defender AV.

Option C is incorrect.

Automated investigations do not block files.

The correct answer is A. Turn on EDR with block mode.

EDR stands for Endpoint Detection and Response. It is a security solution that detects and responds to cyber threats on endpoints (devices such as laptops, desktops, and servers) by collecting and analyzing telemetry data. EDR can provide visibility into endpoint activities, such as processes and network connections, and can detect suspicious behavior that may indicate a cyber attack.

EDR with block mode is an advanced feature that enables an organization to block potentially malicious files or activities on an endpoint, even when a third-party antivirus (AV) is the primary AV product. When EDR with block mode is turned on, it can detect and block files based on their reputation, their behavior, or other indicators of compromise. This is particularly useful against advanced threats, such as zero-day exploits, that may evade traditional signature-based antivirus.

Automated investigation is another advanced feature that can help security analysts investigate and respond to security incidents. It uses machine learning and artificial intelligence to automate the collection and analysis of security telemetry data, reducing the time and effort required for manual investigation. Automated investigation can also provide recommendations on how to remediate the incident.

Allow or block file is a basic feature that lets an organization specify which files are allowed or blocked on an endpoint. This can be useful for preventing the execution of known malware or unauthorized software, but it depends on Defender AV being the active antivirus.

In summary, while all the options may provide some level of protection, the option that obstructs files even when a third-party AV is used is to turn on EDR with block mode.