Microsoft 365 Administrator Expert MS-102 Practice Question
Your SOC uses Microsoft Defender XDR. Analysts repeatedly receive the alert "Suspicious PowerShell command line" generated by a sanctioned automation script that runs nightly on 200 servers. After confirming the script is benign, you must stop further occurrences of this specific alert while keeping all other PowerShell-related detections active. What should you do from the alert details pane?
Add the script's file hash as an allowed indicator in Microsoft Defender for Endpoint.
Create an alert suppression rule for the alert's command-line pattern.
Resolve the incident and mark it as a false positive.
Configure a Microsoft Defender Antivirus exclusion for the folder that stores the script.
Selecting "Manage alert suppression" and creating a suppression rule scoped to the script's unique command-line string prevents Microsoft Defender XDR from surfacing the same alert again for that benign activity. The rule targets only matching alerts, so other PowerShell threat detections continue to generate alerts normally.
Resolving the incident or setting its classification to "false positive" closes only the current record; new alerts will still be generated the next time the script runs. Adding the script's file hash as an allowed indicator or configuring an antivirus folder exclusion affects malware scanning, not behavior-based PowerShell alerts, and would not suppress the specific alert.
Microsoft 365 Administrator Expert MS-102
Manage security and threats by using Microsoft Defender XDR