Exam SC-200 topic 2 question 27 discussion

Correct asnswer. Microsoft docs say: "For a rule to suppress an alert on a specific subscription, that alert type has to have been triggered at least once before the rule is created." https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-suppression-rules#create-a-suppression-rule

Correct , you need to generate the alert , then create the suppression rule https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-suppression-rules#what-are-suppression-rules

Correct

C. On VM1 trigger a PowerShell alert. This will allow you to create a custom alert suppression rule based on the specific alert that you want to suppress. To trigger a PowerShell alert on VM1, you can follow these steps: On VM1, open PowerShell and run the following command: Invoke-WebRequest -Uri https://aka.ms/createalert Wait for a few minutes until the alert is generated in Azure Security Center. Go to Security Center in the Azure portal and select Security alerts. Find the alert with the title “Suspicious use of PowerShell” and the resource name “VM1”. Click on the alert to open its details pane.

On the exam July 7 2023

On exam - 19 June 2023

Before creating a custom alert suppression rule that will supress false positive alerts for suspicious use of PowerShell on VM1, you need to trigger the suspicious use of PowerShell alert on VM1. So the correct answer is C. On VM1 trigger a PowerShell alert.

You should first C. trigger a PowerShell alert on VM1 to create a custom alert suppression rule that will suppress false positive alerts for suspicious use of PowerShell on VM1. After triggering the alert, you can use the information provided in the alert to create a suppression rule that will prevent similar alerts from being generated in the future.

First you need an alert

C for correct

Correct!

C is correct. Documentation provided by Lion007 and Mthaher

Should be A