Examice

Exam SC-200 All QuestionsBrowse all questions from this exam

Question 248

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains 500 Windows devices.

You plan to create a Microsoft Defender XDR custom deception rule.

You need to ensure that the rule will be applied to only 10 specific devices.

What should you do first?

Add custom lures to the rule.

Add the IP address of each device to the list of decoy accounts and hosts of the rule.

Add the devices to a group.

Assign a tag to the devices.

Correct Answer: D

To ensure the rule will be applied to only 10 specific devices, you should assign a tag to those devices. In Microsoft Defender XDR, you can specify the scope of a rule to either all Windows client devices or to devices with specific tags. By tagging the 10 specific devices, you can then create a rule that targets these tagged devices specifically.

Discussion

don_binakOption: D

Identify the devices where you intend to plant the lures in the scope section. You can select to plant lures in all Windows client devices or in clients with specific tags. The deception feature currently covers Windows clients. https://learn.microsoft.com/en-us/defender-xdr/configure-deception

rsanx42Option: A

A: Add custom lures to the rule "In the rule creation pane, add a rule name, description, and select what lure types to create. You can select both" https://learn.microsoft.com/en-us/defender-xdr/configure-deception

laddu001Option: C

Add the devices to a group.

RodwhiteOption: D

with Deception rules scope you only get the option to (1) All Windows Client devices or (2) Devices with specific Tags. Therefore, "D".

SekpluzOption: D

It's (D) first [tag 10 devices], and then when you create the rule, you chose the lure (A), and then you chose the decoys ( the 10 devices you tagged ) https://learn.microsoft.com/en-us/defender-xdr/configure-deception