Free Microsoft Cybersecurity SC-100 Actual Exam Questions - Question 10 Discussion
Question No. 10
Your company wants to optimize using Microsoft Defender for Endpoint to protect its resources
against ransomware based on Microsoft Security Best Practices.
You need to prepare a post-breach response plan for compromised computers based on the
Microsoft Detection and Response Team (DART) approach in Microsoft Security Best Practices.
What should you include in the response plan?
against ransomware based on Microsoft Security Best Practices.
You need to prepare a post-breach response plan for compromised computers based on the
Microsoft Detection and Response Team (DART) approach in Microsoft Security Best Practices.
What should you include in the response plan?
Select all that apply, then reveal solution.
US
VT
Vikas T.
2026-02-15
D. Machine isolation makes the most sense here since the question focuses on a post-breach response plan. It’s about cutting off the attacker’s current access, which aligns with DART’s containment strategy. The other options like controlled folder access or application isolation are more about prevention rather than immediate response after a breach has been detected. Memory scanning is more of a detection technique, not really part of the response plan itself. User isolation doesn’t fully block the threat if the machine remains connected, so isolating the entire machine is more effective for
0
SR
Sam R.
2026-01-28
Option D, machine isolation cuts off the attacker's access immediately.
0
SR
Sam R.
2026-01-16
D imo, machine isolation stops ransomware fast.
0