Microsoft Security Operations Analyst Associate SC-200 Practice Question
You need to ensure that endpoints in the Finance device group are automatically remediated when automated investigation classifies a threat with high confidence. However, you want security analysts to approve remediation actions that are considered less certain.
Which automation level should you assign to the Finance device group in Microsoft Defender XDR?
Full - remediate threats automatically
Semi-automated: require approval for any remediation
No automated response
Semi-automated: require approval for non-core remediation
Microsoft Defender for Endpoint supports four automation levels that control Automated Investigation and Response (AIR) behavior for each device group:
No automated response - the investigation only collects evidence.
Semi-automated: require approval for any remediation - analysts must approve every proposed remediation action.
Semi-automated: require approval for non-core remediation - Defender automatically executes high-confidence (core) actions but requires analyst approval for lower-confidence actions.
Full - Defender automatically performs all remediation actions.
The requirement is to let AIR automatically remediate threats that are classified with high confidence (core actions) while routing lower-confidence actions for analyst approval. This behavior matches the Semi-automated: require approval for non-core remediation level. The other options either block all automatic remediation, require approval for every action, or allow every action without approval.
Microsoft Security Operations Analyst Associate SC-200
Manage a security operations environment