Free Microsoft SC-200 Security Operations Analyst Actual Exam Questions - Question 5 Discussion

Question No. 5: Drag & Drop

You are informed of a new common vulnerabilities and exposures (CVE) vulnerability that affects your environment. You need to use Microsoft Defender Security Center to request remediation from the team responsible for the affected systems if there is a documented active exploit available.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Options
A. From Device Inventory, search for the CVE.
B. Open the Threat Protection report.
C. From Threat & Vulnerability Management, select Weaknesses, and search for the CVE.
D. From Advanced hunting, search for CveId in the DeviceTvmSoftwareInventoryVulnerabilities table.
E. Create the remediation request.
F. Select Security recommendations.
Mark T.
2026-02-19

Checking for active exploits in Threat Analytics (D) first helps confirm if the vulnerability is being actively used. Then listing affected devices (B) before sending the remediation request (C) ensures the team knows exactly what to fix.

0
Farhan W.
2026-02-17

I think checking active exploit in Threat Analytics (D) first makes sense before listing devices (B) and sending request (C).

0
Yasir X.
2026-02-12

Start by checking the threat analytics for the active exploit status (D), then identify all affected devices (B), and finally submit the remediation request to the responsible team (C). This way, you confirm the threat before notifying.

0
Yasir X.
2026-02-10

I’d swap the middle step with pinpointing the exploit status first (D), then sending the remediation request (C), and only afterward listing affected devices (B). You want to alert the team ASAP once you confirm active threats.

0
Rayan S.
2026-01-31

I think the first move is to check if the exploit is active in Defender, so you’re not chasing false alarms (D). Then find all impacted systems (B) to know who to alert. Last, send the remediation request (C) to the right team.

0
Rayan S.
2026-01-28

I’d say start by checking the vulnerability’s exploit status in Defender, then find the impacted devices, and lastly send the remediation request. Without knowing affected systems, the team can’t act properly.

0
Peter W.
2026-01-27

I’d start by confirming the active exploit status in Defender to avoid unnecessary work. Then I’d identify which systems are affected before sending the remediation request, since you need that info for the team.

0
Ethan T.
2026-01-27

First, check the CVE exploit status in Defender to confirm it’s active. Next, identify the affected systems for context. Finally, send the remediation request to the responsible team based on that info.

0
Brian O.
2026-01-16

Does the question specify which version of Defender or any specific modules to use?

0