Microsoft Azure Security Engineer Associate AZ-500 Practice Question
An Azure security engineer is repeatedly receiving the "Suspicious process executed" security alert for a single Azure virtual machine. The team has confirmed that the process is legitimate on that VM only, but the alert must continue to be generated for every other resource. In Microsoft Defender for Cloud, which action should the engineer take to meet the requirement with the least administrative effort?
Turn off the Microsoft Defender for Servers plan on the virtual machine.
Create an alert suppression rule scoped to the virtual machine's resource ID.
Disable the "Suspicious process executed" alert in the subscription-level alert configuration.
Configure the virtual machine's monitoring agent to exclude the executable from auditing.
Creating an alert suppression rule scoped to the specific virtual machine's resource ID stops Microsoft Defender for Cloud from generating that particular alert only for that resource. Suppression rules do not disable the alert globally, so other resources will still trigger the alert when the behavior is observed. Disabling the alert at the subscription level or turning off Microsoft Defender for Servers would prevent the alert (or all protection) for every resource, which violates the requirement. Excluding the executable in the monitoring agent does not affect Defender for Cloud analytics and therefore would not stop the alert from being raised.
Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel