
MS-102 Exam - Question 291


You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.

All the devices in your organization are onboarded to Microsoft Defender for Endpoint.

You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.

What should you do?

Correct Answer:

Discussion

3 comments
004b54b (Option: D)
Apr 9, 2025

Same question as #368: https://www.examtopics.com/exams/microsoft/ms-102/view/37/ Answer is D.

skids222 (Option: D)
Apr 15, 2025

The key here is that you want a custom alert when malicious activity is detected on an endpoint in the last 24 hours. You achieve this by creating a custom Detection Rule from an Advanced Hunting query in the Microsoft Defender portal. A (alert suppression) is for hiding or limiting unwanted alerts, not generating new ones. B (audit log search) and C (DLP policy) are both done in Microsoft Purview compliance; they don’t create Defender for Endpoint alerts about malicious activity. D (Advanced hunting query + detection rule) is how you define a custom condition for malicious activity and instruct Defender to raise an alert whenever that condition is met.

Lekso (Option: A)
Mar 31, 2025

I believe the answer is wrong; it should be A.