Which indicator type should you use?

SC-200 V3 0 Comments

You receive a security bulletin about a potential attack that uses an image file.

You need to create an indicator of compromise (IoC) in Microsoft Defender for Endpoint to prevent the attack.

Which indicator type should you use?
A . a URL/domain indicator that has Action set to Alert only
B. a URL/domain indicator that has Action set to Alert and block
C. a file hash indicator that has Action set to Alert and block
D. a certificate indicator that has Action set to Alert and block

Answer: C

Explanation:

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/indicator-file?view=o365-worldwide

Latest SC-200 Dumps Valid Version with 75 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SC-200 PDF     SC-200 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments