Exam MS-102 topic 1 question 292 discussion

Actual exam question from Microsoft's MS-102
Question #: 292
Topic #: 1

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.

All the devices in your organization are onboarded to Microsoft Defender for Endpoint.

You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.

What should you do?

  • A. From the Microsoft Defender portal, create an alert suppression rule and assign an alert.
  • B. From the Microsoft Purview compliance portal, create an audit log search.
  • C. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.
  • D. From the Microsoft Defender portal, create an Advanced hunting query and a detection rule.
Suggested Answer: D

Comments

skids222
4 days, 12 hours ago
Selected Answer: D
The key here is that you want a custom alert when malicious activity is detected on an endpoint in the last 24 hours. You achieve this by creating a custom Detection Rule from an Advanced Hunting query in the Microsoft Defender portal. A (alert suppression) is for hiding or limiting unwanted alerts, not generating new ones. B (audit log search) and C (DLP policy) are both done in Microsoft Purview compliance; they don’t create Defender for Endpoint alerts about malicious activity. D (Advanced hunting query + detection rule) is how you define a custom condition for malicious activity and instruct Defender to raise an alert whenever that condition is met.
upvoted 1 times
004b54b
1 week, 3 days ago
Selected Answer: D
Same question as #368: https://www.examtopics.com/exams/microsoft/ms-102/view/37/ Answer is D.
upvoted 3 times
Lekso
2 weeks, 5 days ago
Selected Answer: A
I believe the answer is wrong; it should be A.
upvoted 1 times