Microsoft Security Operations Analyst — Question 65
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 subscription.
You have 1,000 Windows devices that have a third-party antivirus product installed and Microsoft Defender Antivirus in passive mode.
You need to ensure that the devices are protected from malicious artifacts that were undetected by the third-party antivirus product.
Solution: You configure endpoint detection and response (EDR) in block mode.
Does this meet the goal?
Answer options
- A. Yes
- B. No
Correct answer: A
Explanation
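Endpoint detection and response (EDR) in block mode is designed for exactly this scenario: devices where a third-party antivirus product is the primary antivirus and Microsoft Defender Antivirus runs in passive mode. With block mode enabled, malicious artifacts that EDR detects are blocked and remediated even though the third-party antivirus did not detect them. The solution therefore directly meets the goal of protecting the devices from artifacts that the third-party product missed, so the answer is Yes.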