Exam MS-102 topic 1 question 203 discussion

Actual exam question from Microsoft's MS-102
Question #: 203
Topic #: 1

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.

All the devices in your organization are onboarded to Microsoft Defender for Endpoint.

You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.

What should you do?

  • A. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.
  • B. From Alerts queue, create a suppression rule and assign an alert.
  • C. From Advanced hunting, create a query and a detection rule.
  • D. From the Microsoft Purview compliance portal, create an audit log search.
Suggested Answer: C

Comments

Hard1k
Highly Voted 1 year, 7 months ago
Selected Answer: C
C. From Advanced hunting, create a query and a detection rule. Advanced hunting allows you to create custom queries to search for specific events in your environment. You can then use these queries to create detection rules that will generate alerts when certain events occur.
upvoted 8 times
Khattak3143
Most Recent 8 months, 2 weeks ago
Selected Answer: C
Correct answer C. Laws of deductions can do wonders. A & D have nothing to do with alerts here.
upvoted 2 times
Tomtom11
11 months, 4 weeks ago
Selected Answer: C
https://learn.microsoft.com/en-us/defender-xdr/advanced-hunting-overview?view=o365-worldwide
upvoted 1 times
benpatto
1 year, 4 months ago
C. is literally the only viable option here. I mean if anyone picks B. I'd hold fire on taking the exam :p
upvoted 2 times
cb0900
1 year, 7 months ago
Selected Answer: C
https://www.examtopics.com/discussions/microsoft/view/33967-exam-ms-101-topic-2-question-27-discussion/
upvoted 2 times