What are two valid configurations for user-driven remediation when a Windows-based endpoint fails a Host Checker policy? (Choose two.)
A. Kill a running process on the endpoint, based on executable name and MD5 checksum.
B. Delete a file on the endpoint’s file system.
C. Download and run a remediation executable from the local software distribution server.
D. Alter registry entries to prevent future execution of an executable, based on executable name and full path.
I don’t understand how user-driven (which means the user needs to do X before they are permitted) includes the given answers. From the admin manual:
For each Host Checker policy, you can configure two types of remediation actions:
• User-driven—Using custom instructions and reason strings, you can inform the user about the failed policy and how to make his computer conform. The user must take action to successfully re-evaluate the failed policy unless you configure an IMV to automatically remediate his computer. For instance, you can create a custom page that is linked to a policy server or Web page and enables the user to bring his computer into compliance.
• Automatic (system-driven)—You can configure Host Checker to automatically remediate the user’s computer. For example, when the initial policy fails, you can kill processes, delete files, or allow automatic remediation by an antivirus rule, a firewall rule, or a registry setting rule. Host Checker does not inform users when performing automatic actions. (You could, however, include information in your custom instructions about the automatic actions.)
It appears that a, b, and d apply to system-driven, and c should be the answer to user-driven.
A and B are correct. C and D would be the automated actions.