Examice

Exam SC-200 All QuestionsBrowse all questions from this exam

Question 35

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.

You need to add threat indicators for all the IP addresses in a range of 171.23.34.32-171.23.34.63. The solution must minimize administrative effort.

What should you do in the Microsoft 365 Defender portal?

Create an import file that contains the individual IP addresses in the range. Select Import and import the file.

Create an import file that contains the IP address of 171.23.34.32/27. Select Import and import the file.

Select Add indicator and set the IP address to 171.23.34.32-171.23.34.63.

Select Add indicator and set the IP address to 171.23.34.32/27.

Correct Answer: A

To add threat indicators for all IP addresses in the specified range while minimizing administrative effort, you should create an import file containing the individual IP addresses within that range and import the file. Although this approach may seem cumbersome, Microsoft Defender for Endpoint does not support CIDR notation or ranges; therefore, you must list each IP address individually.

Discussion

RobertDuval

In Exam today (21 April 2023)

ValunchaiOption: A

Test on lab

YurriOption: A

Only single IP addresses are supported (no CIDR blocks or IP ranges) in custom indicators. A. Import file

GermanGermanOption: B

This approach is the most efficient because: The IP address range 171.23.34.32-171.23.34.63 can be represented using the CIDR (Classless Inter-Domain Routing) notation as 171.23.34.32/27. This notation efficiently covers all the IPs in the specified range. By creating an import file with this CIDR notation and importing it, you can add all the IP addresses in the range at once, significantly reducing the administrative effort compared to adding each IP address individually.

chepeerick

correct

Oryx360Option: D

D. Select Add indicator and set the IP address to 171.23.34.32/27. To add threat indicators for all the IP addresses in a range of 171.23.34.32-171.23.34.63 in the Microsoft 365 Defender portal while minimizing administrative effort, you should select "Add indicator" and set the IP address to 171.23.34.32/27. This option utilizes CIDR notation to represent the IP address range efficiently. CIDR notation with "/27" represents a subnet mask that covers the range of IP addresses from 171.23.34.32 to 171.23.34.63. This method simplifies the process and minimizes the effort required to add multiple IP addresses individually. The other options involve creating import files or specifying IP addresses individually, which may be more cumbersome and time-consuming compared to using CIDR notation for a range of IP addresses.

MarchianoOption: D

Why not D? I see that you can add a new indicator such as 171.23.34.32/27, without the extra step of doing this through a .csv file, which clearly will minimize the administrative effort.

JoeP1

Because "Classless Inter-Domain Routing (CIDR) notation for IP addresses is not supported." according to the Microsoft web site: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/indicator-ip-domain?view=o365-worldwide

Marchiano

Thank you!

Str4intOption: A

answer A. lassless Inter-Domain Routing (CIDR) notation for IP addresses isn't supported.

emartiyOption: C

What Microsoft Copilot AI answers for this question: To add threat indicators for all the IP addresses in the range of 171.23.34.32-171.23.34.63 in Microsoft 365 Defender, follow these steps: Navigate to the Indicators setting: In the Microsoft 365 Defender portal, go to Settings. Choose Cloud Apps. Under System, select IP address ranges. Add the IP address range: Select Add IP address range. Specify the following details: Name: Give a name to your IP range (used for management purposes). IP Address Range: Enter the range as 171.23.34.32-171.23.34.63. C is the correct answer

emartiy

D. Select Add indicator and set the IP address to 171.23.34.32/27. (current addition options support this)

RamyeOption: A

C and D are not supported. Tested and the system does not allow using the giving range format on these options. Since D is not supported hence, B is not supported either.

kaboozeOption: A

it doesn't recognize ranges or cidr notation

Yaya

in exam 20/10/2023.

Dracula666

Hope you passed the exam? Was the question in this topic relevant? I have gone through the material from the learning path once and I am completely relying on this questions. Please advice

GuruleeOption: A

CIDR not supported

jamclash

in exam 9/20/23

mali1969Option: D

To add threat indicators for all the IP addresses in a range in Microsoft Defender for Endpoint, you need to use the CIDR notation to specify the subnet that covers the range. The CIDR notation is a compact representation of an IP address and its associated routing prefix. It consists of an IP address followed by a slash and the number of bits in the prefix1. The IP address range of 171.23.34.32-171.23.34.63 can be represented by the CIDR notation of 171.23.34.32/27, which means that the first 27 bits of the IP address are fixed and the remaining 5 bits can vary2. This covers 32 possible IP addresses, from 171.23.34.32 to 171.23.34.63. Therefore, the correct answer is D. Select Add indicator and set the IP address to 171.23.34.32/27

mali1969

I changed my answer and correct answer is A

JoeP1Option: A

A because CIDR ranges can not be imported.

mfalkjunkOption: A

The IP address range within the subnet 171.23.34.32/27 is from 171.23.34.33 to 171.23.34.62. A should be sufficient.