MS-102 Exam - Question 188


HOTSPOT

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

[Image: Exam MS-102 Question 188]

At 08:00, you create an incident notification rule that has the following configurations:

• Name: Notification1

• Notification settings

• Notify on alert severity: Low

• Device group scope: All (3)

• Details: First notification per incident

• Recipients: [email protected], [email protected]

At 08:02, you create an incident notification rule that has the following configurations:

• Name: Notification2

• Notification settings

• Notify on alert severity: Low, Medium

• Device group scope: DeviceGroup1, DeviceGroup2

• Recipients: [email protected]

In Microsoft 365 Defender, alerts are logged as shown in the following table.

[Image: Exam MS-102 Question 188]

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

[Image: Exam MS-102 Question 188]
Correct Answer:
[Image: Exam MS-102 Question 188]

Discussion

14 comments
ninjanaja
Sep 18, 2023

My answer: YNN

vercracked_007
Sep 13, 2023

Should this not be YYN? Two different notification rules.

OHMSS
Jan 16, 2025

User2 already got a notification from 8:05 so answer is NO

AleFCI1908
Oct 13, 2024

NNN

1. Only one mail sent for an activity.
2. 8.07 same activity, the mail was previously sent.
3. 8.20 high risk level, not in the policy.

Tr619899
Oct 1, 2024

Statements:

1. [email protected] will receive two incident notification emails for the alert at 8:05 - NO. Notification1 is configured to send the first notification per incident. Since this is the first notification for Activity1, User1 will receive one email for the alert at 08:05. They will not receive a second email for the same alert.
2. [email protected] will receive an incident notification email for the alert at 8:07 - NO. Since Notification1 is set to send only the first notification per incident, and Activity1 already triggered a notification at 08:05, User2 will not receive an additional notification for the alert at 08:07.
3. [email protected] will receive an incident notification email for the alert at 8:20 - NO. Notification1 applies only to Low severity alerts, and Notification2 applies only to Low and Medium severity alerts. The alert at 08:20 has a high severity, so User1 will not receive a notification for this alert.

benpatto
Dec 1, 2023

https://www.examtopics.com/discussions/microsoft/view/81762-exam-ms-101-topic-2-question-101-discussion/# Go to bac0n answer (roller coaster) which perfectly describes this. N/N/N

OwerGame
Mar 28, 2024

bac0n 1 year, 3 months ago Was able to get a test VM set up on my homelab and onboard it to Defender for Endpoint using script; set up two device groups and added the same machine to each and just made them check for All (I didn't want to do anything unsafe). Downloaded test EICAR_TEST_FILE virus (look it up, it's safe) and I got ONE notification, NOT TWO, for the alert. NNN.

Paul_white
Oct 6, 2023

Correct answer is NO, NO, NO https://www.examtopics.com/discussions/microsoft/view/81762-exam-ms-101-topic-2-question-101-discussion/#

Milad666
Oct 11, 2023

Correct Answer is: Y, N, N

User1 will receive two incident notifications from "notification1" and "notification2".

User2 already received incident notification on device1 from the incident at 8:05.

User1 will not receive at 8:20 as the severity is high and doesn't apply.

Nail
Nov 14, 2023

N,N,N makes sense. #1 rule: thou shalt never make Microsoft look bad. It would make MS look bad if a user received two alerts when they only need to get one. They are showing you the awesomeness of MS that they will not send you more alerts than are necessary. MS products are way too awesome for that!

jt2214
Oct 14, 2023

I'm going to agree with Paul_white based on the link he provided. N/N/N https://www.examtopics.com/discussions/microsoft/view/81762-exam-ms-101-topic-2-question-101-discussion/#

spatrick
Jun 6, 2024

Box 1: No - Notification it has: First notification per incident. Only notify on first occurrence per incident - Select if you want a notification only on the first alert that matches your other selections. Later updates or alerts related to the incident won't send additional notifications.

Box 2: Yes -

Box 3: No - Severity of the 8:20 incident is high, so neither of the notification rules will trigger.

Note: Alert severity - Choose the alert severities that will trigger an incident notification. For example, if you only want to be informed about high-severity incidents, select High.

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview

APK1
Aug 20, 2024

NNN is the correct answer.

1. User1 will not receive 2 alerts within one minute.
2. User2 already got alert at 8:05 (again within one minute user2 will not get at 8:07).
3. High alert is not configured.

ca7859c
Apr 18, 2025

NNN

User1 received an alert at 8:05 (receives only 1 alert for Activity and won't receive the repeat at 8:07 (both are activity 1)).

User2 received an alert at 8:05 (with user1 since they are both in policy1, which receives only 1 alert for Activity and won't receive the repeat at 8:07 (both are activity 1)).

User1 won't receive an alert, as policy1 is low & policy2 is medium & low, while the alert is High.

Tomtom11
Apr 28, 2024

https://learn.microsoft.com/en-us/defender-xdr/configure-email-notifications

AdamRachel
May 12, 2024

I say the answer is correct.

No: The device will receive only one incident alert at 8:05 as notification1 is set: first alert per incidents.

Yes: device is in scope to receive alert for this incident.

No: Alert is severity High

BurtSmart
Jun 17, 2024

Note the words here, chose to be notified on first occurrence of incident. https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/get-email-notifications-on-new-incidents-from-microsoft-365/ba-p/2012518#:~:text=You%20can%20also%20choose%20to,name%2C%20severity%2C%20and%20category.&text=Once%20you%20get%20the%20notification,start%20your%20investigation%20right%20away.

Khanbaba43
Aug 20, 2024

N, N, N. One alert not 2. Already got an alert at 8:05. Alert high so won't get it.