Crucial Exams

Microsoft Security Operations Analyst Associate SC-200 Practice Question

Within Microsoft Defender for Endpoint, RBAC is enabled. You already have a device group named Servers that uses the Full remediation automation level. You create a new device group named Tier0Servers that targets devices with the Tag value "Tier0" and sets automation to Semi (require approval). One day later, a Tier0-tagged server is still remediated automatically. What is the most likely reason?

  • Automatic remediation levels are configured only at the tenant level, so device-group settings cannot override the existing Full automation level.

  • Device group membership is refreshed every 72 hours, so the server has not yet moved to the new group.

  • Tags cannot be used as membership filters when RBAC is enabled, preventing the server from ever matching the Tier0Servers group.

  • The Tier0Servers group is positioned below the Servers group in the device-group list, so Tier0 servers are assigned to the Servers group and keep the Full automation level.

Microsoft Security Operations Analyst Associate SC-200
Manage a security operations environment
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot