Exam MS-102
Question 193

HOTSPOT

Your company uses Microsoft Defender for Endpoint.

The devices onboarded to Microsoft Defender for Endpoint are shown in the following table.

The alerts visible in the Microsoft Defender for Endpoint alerts queue are shown in the following table.

You create a suppression rule that has the following settings:

• Triggering IOC: Any IOC

• Action: Hide alert

• Suppression scope: Alerts on ATP1 device group

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

Discussion
Paul_white

Answer Y-Y-N is correct. Existing alerts are not suppressed after the rule is created: When a suppression rule is created, it will take effect from the point when the rule is created. The rule will not affect existing alerts already in the queue, prior to the rule creation. The rule will only be applied on alerts that satisfy the conditions set after the rule is created. Link: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-alerts?view=o365-worldwide#suppress-alerts

cb0900

Given answers seem correct. Q1/Q2. Both Y. The alerts were generated before the suppression rule was enabled. The alerts remain. Q3. N https://www.examtopics.com/discussions/microsoft/view/49354-exam-ms-101-topic-2-question-24-discussion/

DiligentSam

Given answers seem correct

Murad01

Given answers are correct