C. An alert policy.
To be alerted when Microsoft 365 Defender detects high-severity incidents, you should use an alert policy. An alert policy allows you to define specific conditions and triggers based on various events, including high-severity incidents detected by Microsoft 365 Defender. When the specified conditions are met, the alert policy will generate an alert and notify you or other designated individuals or teams.
Threat policies are used to define specific security rules and settings for protecting your organization from various threats. Custom detection rules allow you to create custom detections based on specific conditions. However, for receiving alerts specifically for high-severity incidents detected by Microsoft 365 Defender, an alert policy is the appropriate choice.
Notification rules are used to configure notifications for specific actions or changes within Microsoft 365 services, but they are not specifically designed for high-severity incident alerts.
Would go with D, as for an Alert you have to specify an 'Incident' to be alerted of; however, with a notification rule it will alert for any incidents from a specific source such as 'Microsoft Defender for Identity'.
C. an alert policy
An alert policy can be used to trigger an alert when a high-severity incident is detected by Microsoft 365 Defender. The policy can be customized to specify the severity level of the incident and the actions to take when the alert is triggered, such as sending an email notification or initiating an automated response.
Alert policies provide more functionality than notification rules as they allow you to configure more advanced conditions for triggering alerts, specify actions to take when an alert is triggered, and customize alert notifications. You can also configure alert suppression and exclusions, as well as schedule alerts for specific times.
On the other hand, notification rules are more basic and only allow you to receive an email notification when a specific type of event occurs. They do not provide the same level of customization and control over the alerting process as alert policies.
Therefore, in this scenario, using an alert policy would be a better option than a notification rule, as it provides more flexibility and control over the alerting process.
Looks like a Notification Rule to me.
https://learn.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide#create-a-rule-for-email-notifications
Go to Microsoft 365 Defender in the navigation pane, select Settings > Microsoft 365 Defender > Incident email notifications.
On the Notification Settings set the Alert Severity.
Once you get the notification, you can go directly to the incident and start your investigation right away.
It specifically asks to be notified about an 'Incident', not just alerts. Below is Microsoft's explanation of what an 'Incident' is, sourced from my original link.
An incident in Microsoft 365 Defender is a collection of correlated alerts and associated data that make up the story of an attack.
Microsoft 365 services and apps create alerts when they detect a suspicious or malicious event or activity. Individual alerts provide valuable clues about a completed or ongoing attack. However, attacks typically employ various techniques against different types of entities, such as devices, users, and mailboxes. The result is multiple alerts for multiple entities in your tenant.
Because piecing the individual alerts together to gain insight into an attack can be challenging and time-consuming, Microsoft 365 Defender automatically aggregates the alerts and their associated information into an incident.
sehlohomoletsane (Highly Voted): 2 years, 3 months ago
dapkor (Most Recent): 1 year, 9 months ago
Jo696: 1 year, 10 months ago
GotDamnImIn: 2 years ago
orlan: 2 years ago
Meebler: 2 years, 1 month ago
EsamiTopici: 2 years, 1 month ago
Lelek: 2 years, 2 months ago
hufflepuff: 2 years, 2 months ago
EsamiTopici: 2 years, 2 months ago
hufflepuff: 2 years, 2 months ago
EsamiTopici: 2 years, 2 months ago
certacc: 2 years, 3 months ago