According to this you can in fact create alert policies in both Microsoft Purview Compliance portal AND Microsoft Defender Portal:
https://learn.microsoft.com/en-us/purview/alert-policies?view=o365-worldwide
However this article is more targeted towards "unusual usage patterns" which is specifically what the question is asking:
https://learn.microsoft.com/en-us/defender-cloud-apps/policies-cloud-discovery#detect-unusual-usage-patterns-on-your-network
D. the Microsoft 365 Defender Portal
I must go with Defender Portal.
You can create a policy from either Purview or Defender, but given the condition, the word "unusual" is most suited to Defender.
This Microsoft page explains it all (unusual usage patterns):
https://learn.microsoft.com/en-us/defender-cloud-apps/policies-cloud-discovery#detect-unusual-usage-patterns-on-your-network
https://learn.microsoft.com/en-us/purview/alert-policies
Suspicious email sending patterns detected: Generates an alert when someone in your organization has sent suspicious email and is at risk of being restricted from sending email. This is an early warning for behavior that may indicate that the account is compromised, but not severe enough to restrict the user. Although it's rare, an alert generated by this policy may be an anomaly. However, it's a good idea to
D. the Microsoft 365 Defender portal
The Microsoft Purview compliance portal, on the other hand, is primarily focused on data discovery, classification, and compliance related to data governance. It is not specifically designed for monitoring and alerting on usage patterns or security incidents within the Microsoft 365 environment.
Therefore, for creating a policy to trigger an alert when unusual Microsoft Office 365 usage patterns are detected, you should use the Microsoft 365 Defender portal.
By all accounts both B & D are equally right. The alerts are functionally the same. Without knowing the purpose for these alerts (compliance or security team focused) we can't pick one over the other. Another really bad question.
https://learn.microsoft.com/en-us/purview/alert-policies
You can use alert policies and the alert dashboard in the Microsoft Purview compliance portal or the Microsoft 365 Defender portal to create alert policies and then view the alerts generated when users perform activities that match the conditions of an alert policy. There are several default alert policies that help you monitor activities such as assigning admin privileges in Exchange Online, malware attacks, phishing campaigns, and unusual levels of file deletions and external sharing.
It's the platform specifically designed for advanced threat protection, security, and detecting unusual usage patterns.
So, the correct answer is:
D. the Microsoft 365 Defender portal