Microsoft Security Operations Analyst — Question 81

You have a Microsoft 365 E5 subscription that contains 500 Windows 11 devices.

You have a Microsoft Defender for Endpoint deployment that has the following settings:

• Discovery mode: Basic
• Live Response: Disabled
• Enable EDR in block mode: Off
• Tamper Protection: Off

You need to implement automatic attack disruption in Microsoft Defender XDR.

What should you do?

Answer options

• A. Change Discovery mode to Standard discovery.
• B. Set Live Response to On.
• C. Set Tamper Protection to On.
• D. Set Enable EDR in block mode to On.

Correct answer: D

Explanation

The correct answer is D, as enabling EDR in block mode is essential for automatic attack disruption in Microsoft Defender XDR. Options A, B, and C do not directly contribute to activating the attack disruption feature, as they pertain to different functionalities of Microsoft Defender for Endpoint.