GitBit
First lessonBlog
Sign Up

Question 16 of 18

Previous QuestionNext Question

Your organization has a Microsoft 365 tenant with the following users.

  • UserA is a member of Group1
  • UserB is a member of Group2
  • UserC is a member of Group3

Your organization implements Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is configured with the following roles.

Role Permissions chart

Microsoft Defender for Endpoints contains the following device groups.

Machine group access

Select Yes if the statement is true. Click No if the statement is false.

UserB can collect an investigation package from Device2.

UserC can isolate Device1.

UserA can start an antivirus scan on Device1.

The Alerts investigation permission grants the user the ability to run anti-virus scans. UserA has alerts investigation so UserA can run anti-virus scans.

The Alerts investigation permission grants the user the ability to collect an investigation package. UserB does not have the alerts investigation permission so UserB cannot collect an investigation package.

The Active remediation actions permission grants the user the ability to isolate a device. UserC has Active remediation actions so User3 can isolate Device1

https://www.gitbit.org/course/ms-500/learn/Protecting-Windows-10-and-other-devices-with-Microsoft-Defender-for-Endpoint-z0qPG6v4T

Did you like the site?