Exam SC-200 topic 1 question 21 discussion

This answer looks wrong and since there is no reference link to support it I challenge it. To me the correct answer is B,E.

A - this seems correct, as if you override the automatic detection of location for company IP address ranges, you can prevent the impossible travel alerts. B - This makes sense as you need to define your corporate address ranges so that they are not seen as risky. C - Increasing the sensitivity of the impossible travel detection would create more alerts. D - Why would you set the IP addresses to the "Other" category when there is a "Corporate" category that fits the description? E - Creating a new policy when there is already an existing one that you need to reduce the alerts from, would not reduce the number of alerts.

Here the answer AB youtube AD chatgpt BE can someone tell me what the correct answer because now I am confused.

AB correct

Without Data Enrichment we cant use the categories A. The Data Enrichment API enables you to manage identifiable IP address ranges, such as your physical office IP addresses. IP address ranges allow you to tag, categorize, and customize the way logs and alerts are displayed and investigated. B. Add the IP addresses to the corporate address range category. This action allows you to define the IP address ranges that belong to your organization and exclude them from anomaly detection policies such as impossible travel or sign-ins from risky IP addresses.

A and B

A and B is correct

defo A, B

This question was in the exam 27/04/2024.

Based on the below information published here: https://learn.microsoft.com/en-us/defender-cloud-apps/ip-tags#create-an-ip-address-range Corporate: These IPs should be all the public IP addresses of your internal network, your branch offices, and your Wi-Fi roaming addresses.

correct A and D

Only B seems to be the correct option as you can see the explanations of the difference "categories" here: https://learn.microsoft.com/en-us/defender-cloud-apps/ip-tags#create-an-ip-address-range

B & C seem to be the only "available" configuration settings. C. Impossible Travel: https://security.microsoft.com/cloudapps/policy/anomaly/60253687a702c5eb0e8d86ca Apart from increasing or decreasing Sensitivity (or excluding certain users), there is no other filter available. The answer option C should be corrected to "Decrease the sensitivity" and then it is the right answer ;-) B. Logon from Risky IP: https://security.microsoft.com/cloudapps/policy/activity/create?template=5b3116e1996fe317b4a1b25e This looks at "Risky" category IP addresses only, so if the offices IPs are added to "Corporate" category or "Other" category, they go automatically out of scope for this policy. So even option D. can be considered a correct answer. A. is irrelevant as "User enrichment" is the only "enrichment" related setting found: https://security.microsoft.com/cloudapps/settings?tabid=discovery-userEnrichment E. is unnecessary as explained in B. above

A, B appear to be the best answers.

To prevent alerts for legitimate sign-ins from known locations, you need to perform the following two actions: B. Add the IP addresses to the corporate address range category. This action allows you to define the IP address ranges that belong to your organization and exclude them from anomaly detection policies such as impossible travel or sign-ins from risky IP addresses. You can add the IP addresses of your company’s United States-based offices to the corporate address range category in the Microsoft 365 Defender portal, under Cloud Apps, E. Create an activity policy that has an exclusion for the IP addresses. This action allows you to create a custom alert based on user activities and apply filters or exclusions to refine the results

C: No way to adjust D: Doesn't make sense E: Not possible to exclude the IP totally

Yes B & E is correct