ServiceNow Certified Implementation Specialist – Security Incident Response — Question 70
Select all of the following which are key features of Microsoft Defender for Endpoint. (Choose three.)
Answer options
- A. Perform host enrichment actions to gather more information about the endpoint, which includes host details, logged-in users, and observable related machines details.
- B. Find indicators of compromise (IoC) and enrich security incidents with threat intelligence data.
- C. Perform Enterprise Security Search to sight potential malicious observables across endpoints, and take remediation actions.
- D. Perform response actions such as Isolate host, Remove isolation, Restrict app execution, Run antivirus scan, Remove app restriction, and Stop and quarantine file.
Correct answer: A, B, D
Explanation
Options A, B, and D describe essential functions of Microsoft Defender for Endpoint: gathering information, detecting threats, and executing response actions. Option C, while relevant, describes a feature that is not fundamental to Microsoft Defender for Endpoint's core capabilities in the same way as the correct options.