Free Microsoft SC-200 Security Operations Analyst Actual Exam Questions - Question 1 Discussion
DRAG DROP

You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment. You need to use the Microsoft Defender portal to request remediation from the team responsible for the affected systems if there is a documented active exploit available. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
First, I’d check the CVE details in Defender to confirm the active exploit. Then create an alert to notify the right team. Finally, assign the remediation task so they can start fixing it.
Check CVE exploit status first, then create alert, assign remediation last.
I’d start by confirming if the CVE is detected and exploited in the portal, then create a security alert to inform the team, and lastly assign the remediation task. That way, you’re sure before pulling in others.
I think step one should be confirming the CVE details and whether an active exploit is documented. Then create an alert to notify the team before finally assigning the remediation task. This keeps the process organized.
Another way is to first check if the vulnerability is detected on your devices in the portal, then confirm the exploit status, and finally assign remediation. This skips alert creation since the detection itself acts as the trigger.
I’d say start by verifying the exploit info in Microsoft Defender, then create an alert for the team, and finally assign the remediation task. Scanning comes before if you don’t have confirmation yet.
First, I’d look up the CVE details in the portal to confirm the active exploit (step one). Then, raise an alert for the team (step two), and finally assign remediation tasks so they know what to fix (step three).
This one’s kinda tricky, not sure if step two should be scanning or raising an alert first.