You have a deployment of System Center Configuration Manager (Current Branch).
You need to recommend a solution to manage and reduce the attack surface of applications used in your environment.
What should you include in the recommendation?
A. Windows Defender Exploit Guard
B. antimalware policies
C. Windows Defender Advanced Threat Protection (ATP) policies
D. compliance policies
Correct Answer: C
Explanation/Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard
Attack surface reduction rules help prevent behaviors malware often uses to infect computers with malicious code. You can set attack surface reduction rules for computers running Windows 10, version 1709 or later, Windows Server 2016 1803 or later, or Windows Server 2019.
To use attack surface reduction rules, you need a Windows 10 Enterprise license. If you have a Windows E5 license, it gives you the advanced management capabilities to power them. These include monitoring, analytics, and workflows available in Microsoft Defender Advanced Threat Protection, as well as reporting and configuration capabilities in the Microsoft 365 Security Center.