Microsoft Security Operations Analyst Associate SC-200 Practice Question
You are piloting Attack Surface Reduction (ASR) rules in Microsoft Defender for Endpoint. You plan to configure the rule "Block Office applications from creating child processes" (rule ID D4F940AB-401B-4EFC-AADC-AD5F3C50688A) on a test device by running the PowerShell command:
In PowerShell, Attack Surface Reduction rule states are represented by integers: 0 disables the rule, 1 blocks the behavior, 2 enables Audit mode (events are logged but actions are not blocked), and 6 enables Warn mode (a user prompt appears). Because you want the rule to log activity without blocking it, you must set the rule state to 2. The other values would either disable the rule, actively block the behavior, or prompt users.
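The pilot described above can be scripted end to end. This is an added example, not part of the original question or its missing command. It assumes an elevated PowerShell session on the test device with Microsoft Defender Antivirus active. It puts the rule into Audit mode, confirms the stored state, and lists the audit events (event ID 1122) the rule has logged.

```powershell
# Added example: pilot one ASR rule in Audit mode and review what it would have blocked.
$ruleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'   # rule ID from the question

# State values as listed in the explanation above.
$stateNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Add-MpPreference appends this rule to the configured set;
# Set-MpPreference would overwrite the existing set of rules.
# AuditMode is the named form of state 2.
Add-MpPreference -AttackSurfaceReductionRules_Ids $ruleId `
                 -AttackSurfaceReductionRules_Actions AuditMode

# Read the configuration back. Ids and Actions are parallel arrays.
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)

$state = $null
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -ieq $ruleId) { $state = [int]$actions[$i] }
}

if ($null -eq $state) {
    throw "Rule $ruleId is not configured on this device."
}
if ($state -ne 2) {
    throw "Rule $ruleId is in state '$($stateNames[$state])', expected 'Audit'."
}
"Rule $ruleId is in state '$($stateNames[$state])'."

# Event ID 1122 = rule fired in Audit mode; 1121 = rule fired in Block mode.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1122
    } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $ruleId } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

An empty result from the last command means the rule has not fired since it was placed in Audit mode.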
Microsoft Security Operations Analyst Associate SC-200
Manage a security operations environment