Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Microsoft Exam SC-100 Topic 2 Question 47 Discussion

Actual exam question for Microsoft's SC-100 exam
Question #: 47
Topic #: 2
[All SC-100 Questions]

You have a Microsoft 365 tenant that contains 5,000 users and 5,000 Windows 11 devices. All users are assigned Microsoft 365 5 licenses and the Microsoft Defender Vulnerability Management add-on. The Windows 11 devices are managed by using Microsoft Intune and Microsoft Defender for Endpoint. The Windows 11 devices are configured during deployment to comply with Center for Internet Security (CIS) benchmarks for Windows 11.

You need to recommend a compliance solution for the Windows 11 devices. The solution must identify devices that were modified and no longer comply with the CIS benchmarks.

What should you include in the recommendation?

Show Suggested Answer Hide Answer
Suggested Answer: D

Contribute your Thoughts:

Laurel
4 months ago
I'm going to have to go with D on this one. Security baseline assessments sound like the most straightforward way to ensure our devices are compliant. Although, I do wonder if they come with a free complimentary toaster...
upvoted 0 times
...
Lorrine
4 months ago
Security baselines all the way, baby! D is the clear choice here. Who needs a secure score when you can just assess the benchmarks directly?
upvoted 0 times
Shawnna
2 months ago
Absolutely, security baselines assessments will help identify any modifications that deviate from the CIS benchmarks.
upvoted 0 times
...
Dylan
2 months ago
I think D is definitely the best option for ensuring compliance with the benchmarks.
upvoted 0 times
...
Anissa
3 months ago
Yeah, it's important to directly assess the CIS benchmarks for Windows 11 devices.
upvoted 0 times
...
Cristen
3 months ago
I agree, security baselines assessments in Microsoft Defender Vulnerability Management is the way to go.
upvoted 0 times
...
...
Karrie
4 months ago
I'm not too sure about this one. Maybe C with the attack surface reduction (ASR) rules in Defender for Endpoint could work, but I'm not convinced it's the best option.
upvoted 0 times
...
Ardella
4 months ago
B sounds like the way to go. Microsoft Secure Score for Devices in Defender for Endpoint should give us the information we need to monitor compliance.
upvoted 0 times
Alona
3 months ago
I agree. It's important to have a solution that can identify any modifications to the devices that may impact compliance with the CIS benchmarks.
upvoted 0 times
...
Claribel
3 months ago
B sounds like the way to go. Microsoft Secure Score for Devices in Defender for Endpoint should give us the information we need to monitor compliance.
upvoted 0 times
...
...
Eugene
4 months ago
I think the answer is D. Security baseline assessments in Microsoft Defender Vulnerability Management should be able to identify devices that are no longer compliant with the CIS benchmarks.
upvoted 0 times
Juan
3 months ago
I believe B) Microsoft Secure Score for Devices in Defender for Endpoint could also be a good choice for compliance solution.
upvoted 0 times
...
Lucia
3 months ago
I would go with D) security baselines assessments in Microsoft Defender Vulnerability Management as well.
upvoted 0 times
...
Joni
3 months ago
I think A) Authenticated scan for Windows in Microsoft Defender Vulnerability Management could also help identify modified devices.
upvoted 0 times
...
Rickie
4 months ago
I agree, D) security baselines assessments in Microsoft Defender Vulnerability Management is the best option.
upvoted 0 times
...
...
Estrella
5 months ago
I'm not sure, but option A) Authenticated scan for Windows in Microsoft Defender Vulnerability Management also sounds like a good choice.
upvoted 0 times
...
Arlette
5 months ago
I agree with option D. It seems like the most comprehensive solution for our compliance needs.
upvoted 0 times
...
Shenika
5 months ago
I think we should go with option D) security baselines assessments in Microsoft Defender Vulnerability Management.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77