Free Microsoft SC-401 Actual Exam Questions - Question 7 Discussion
HOTSPOT You have a Microsoft 36S ES subscription that contains the devices shown in the following table. 
You plan to implement inside' risk management and capture forensic evidence Which devices support the collection of forensic evidence, and what should you do lo prepare each supported device? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. 
Looks like Windows 10 and Server 2019 devices support forensic evidence via Defender for Endpoint. For those, enabling advanced hunting and onboard to Defender would be key. Other devices probably can’t collect forensic data directly.
I’m thinking only Windows 10 and Server devices actually support forensic evidence collection natively here. For others like Android or iOS, there isn’t much Microsoft 365 can do for forensic data without extra tools.
Windows 10 needs enabling advanced audit policies for forensic data.
I looked at the device types and the options for preparing them. Since forensic evidence collection typically requires audit logs or specific OS capabilities, I think Windows 10 and Windows Server devices are the go-to here (so options for those devices should be selected). For preparation, enabling advanced audit policies or setting up Windows Defender ATP makes sense. The macOS and mobile devices usually don’t support full forensic data capture as comprehensively, so probably no prep needed or marked as unsupported. So basically, choose Windows devices and prep by enabling auditing tools or
This one feels a bit tricky since it asks about device support for forensic evidence collection and preparation steps. The table has details but it's a lot to interpret quickly. Would be nice if the question was clearer on which actions match which devices.