Crucial Exams

Microsoft Security Operations Analyst Associate SC-200 Practice Question

Your organization has already onboarded all Windows 11 client PCs to Microsoft Defender for Endpoint (MDE). You now enable the built-in device discovery feature and leave the settings unchanged, which keeps the feature in its default mode.

How will MDE detect Windows computers that are still connected to the corporate network but not yet onboarded to MDE?

  • The Defender for Endpoint cloud service cross-references Azure AD sign-in logs and flags computer names that have never sent security data.

  • Each onboarded Windows PC passively listens to local broadcast traffic (for example, ARP and DHCP) to identify nearby hosts that are not sending signals to MDE, and lists them as unmanaged.

  • An Azure Arc agent is automatically deployed to each subnet to report machines that are not onboarded to MDE.

  • Every onboarded Windows PC performs an active ICMP ping sweep and TCP port scan of its subnet to locate hosts that are not protected.

Microsoft Security Operations Analyst Associate SC-200
Manage a security operations environment
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot