Exam SC-200 topic 3 question 42 discussion

To suppress alerts at the management group level, use Azure Policy

"To suppress alerts at the management group level, use Azure Policy" https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-suppression-rules#create-a-suppression-rule

Option

You can apply suppression rules to management groups or to subscriptions. To suppress alerts for a management group, use Azure Policy. https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-suppression-rules

To minimize effort I would go with A, set it once, forget it and keep it enforced. A - Can set it at Management Group level B - Nothing to do alert suppression C - Generate an alert, will not suppress another D - You can suppress an alert, but not at Management Group or Subscription level Looking at the Policy Definitions: Suppress Azure Security Center alerts to reduce alerts fatigue by deploying suppression rules on your management group or subscription. https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference

Answer is A https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-suppression-rules

"Modifying alert settings" on the Security Alerts Page in Defender for cloud includes the option to create suppression rules. https://learn.microsoft.com/en-us/azure/defender-for-cloud/managing-and-responding-alerts

A. Create an Azure Policy assignment. By creating an Azure Policy assignment at the root management group level, you can define a policy to suppress specific Defender for Cloud security alerts. This allows you to ensure that the policy applies to all subscriptions and resources under the management group, without the need to modify the settings for each individual subscription.

I could see it being either A or D depending if they are only going to have 2 subscriptions or add more in the future. Should we assume that they are never adding anymore than the 2 they already have?

A. Create an Azure Policy assignment. To suppress specific Defender for Cloud security alerts at the root management group level, you can create an Azure Policy assignment. This will allow you to apply a policy that will suppress the alerts across all subscriptions and management groups in the tenant. Azure Policy allows you to define and assign policies that govern your resources and enforce compliance. By creating an Azure Policy assignment, you can set up the suppression of alerts in one place, minimizing administrative effort.

To ensure that specific Defender for Cloud security alerts are suppressed at the root management group level, you should create an Azure Policy assignment.

https://docs.microsoft.com/en-us/azure/defender-for-cloud/alerts-suppression-rules#create-a-suppression-rule https://learn.microsoft.com/en-us/azure/governance/policy/overview#assignments https://www.red-gate.com/simple-talk/cloud/azure/azure-policies-and-management-groups/ Think the answer is correct; D. Because is the one with minimize administrative effort as you can see here: https://learn.microsoft.com/en-us/answers/questions/8713/what-is-the-min-iam-role-required-to-create-azure.html https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions#roles-and-allowed-actions

D is correct. When making a suppression you can select one, multiple or all subscriptions.