Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-200 Exam - Topic 10 Question 27 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 27
Topic #: 10
[All SC-200 Questions]

You have an Azure subscription that contains a virtual machine named VM1 and uses Azure Defender. Azure Defender has automatic provisioning enabled.

You need to create a custom alert suppression rule that will supress false positive alerts for suspicious use of PowerShell on VM1.

What should you do first?

Show Suggested Answer Hide Answer
Suggested Answer: C

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-alerts?view=o365-worldwide

by Serina at May 03, 2022, 09:35 PM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Daniel
5 months ago
I thought we needed to run a cmdlet first, like option B?
upvoted 0 times
...
Elroy
5 months ago
Wait, can you really suppress alerts like that? Sounds risky.
upvoted 0 times
...
Cordell
5 months ago
Not so sure about A, what about option D?
upvoted 0 times
...
Vallie
5 months ago
Definitely agree with A, it makes the most sense!
upvoted 0 times
...
Lore
6 months ago
I think option A is the way to go.
upvoted 0 times
...
Velda
6 months ago
I’m a bit confused about the cmdlet. I remember Get-MPThreatCatalog being related to threat management, but I’m not sure if it’s relevant for creating a suppression rule.
upvoted 0 times
...
Aleisha
6 months ago
I feel like exporting alerts to Log Analytics was mentioned in a similar practice question, but I can't recall if that's the initial action we need to take here.
upvoted 0 times
...
Kristel
6 months ago
I think we practiced a question where we had to trigger an alert first before suppressing it. So maybe option C could be the right choice?
upvoted 0 times
...
Carlota
6 months ago
I remember something about using Azure Security Center for alert management, but I'm not sure if adding a workflow automation is the first step.
upvoted 0 times
...
Clay
6 months ago
This seems tricky, but I'll take my time and methodically go through the options. I'm confident I can get the right answer if I think it through step-by-step.
upvoted 0 times
...
Vincenza
6 months ago
Intra-storage device vertical tiering sounds familiar, but I can't recall if it ties into ensuring continuous data access like the question asks.
upvoted 0 times
...
Dylan
6 months ago
I think the answer might be "service registry," but I'm not entirely sure.
upvoted 0 times
...
Vallie
6 months ago
The key here is understanding how to set up the event-driven ETL pipeline. I'll focus on that part of the requirements.
upvoted 0 times
...
Fausto
6 months ago
This question seems straightforward. I think the key is to identify the service-orientation principle that would have addressed the issue of the service not being designed to participate in more than one service composition.
upvoted 0 times
...

Save Cancel