Microsoft Security Operations Analyst Associate SC-200 Practice Question
Using Microsoft 365 Defender, you repeatedly receive false-positive alerts that a nightly, company-signed PowerShell utility is performing credential dumping on several on-premises Windows Server hosts. You need to ensure alerts that match this utility's unique SHA-256 file hash are automatically closed in the future, while alerts for other files that perform genuine credential dumping continue to be raised. Which action should you take?
Create an alert suppression rule that targets the file's SHA-256 hash and applies it to the affected devices.
Disable the corresponding analytics rule in Microsoft Sentinel to stop the alert from being generated.
Edit the credential-dumping built-in alert and change its severity to Informational in Microsoft 365 Defender.
Add the file's SHA-256 hash to the Microsoft Defender Antivirus exclusion list by using Intune device configuration profiles.
In Microsoft 365 Defender (Microsoft Defender XDR), an alert suppression rule automatically resolves existing alerts and prevents new alerts that match the same conditions from being raised. When you scope the rule to a specific entity, such as a file identified by its SHA-1 or SHA-256 hash, the rule applies only to alerts that involve that exact file, across the selected device group or the whole tenant. This keeps the benign utility's alerts out of the queue without affecting detections for other credential-dumping files.
Adding the hash to the Microsoft Defender Antivirus exclusion list only stops the antivirus engine from scanning or remediating the file; it does not suppress alerts produced by other Defender XDR components, such as endpoint detection and response (EDR) detections, which is where behaviour-based credential-dumping alerts come from. Changing the severity of the built-in alert does not stop it from being raised: a lowered-severity alert still lands in the queue and still needs triage. Disabling a Microsoft Sentinel analytics rule is irrelevant because the alert is generated by Microsoft Defender XDR, not by Sentinel; even if Sentinel ingests the alert, the Defender-side alert would continue to fire.
Therefore, creating an alert suppression rule scoped to the file's SHA-256 hash is the correct solution. Before creating the rule, confirm that the hash you scope it to is the one the alerts actually reference (for example, run Get-FileHash -Algorithm SHA256 against the utility on one of the affected hosts and compare the result with the file evidence attached to the alert), and keep in mind that an updated build of the utility will carry a different hash and will start alerting again until the rule's condition is updated.
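As an added example (not part of the original question or its explanation), the following Advanced Hunting query for Microsoft Defender XDR previews what a suppression rule scoped to a single SHA-256 would and would not resolve, so you can verify the scope before creating the rule. It uses the AlertInfo and AlertEvidence tables of the Defender XDR hunting schema; the hash value and the 30-day lookback are constructed placeholders, and the "CredentialAccess" category filter assumes the alerts in question are classified under that MITRE tactic.

```kql
// Added example: preview the scope of an alert suppression rule keyed on one SHA-256.
// The hash below is a constructed placeholder; replace it with the utility's real SHA-256.
let SuppressedHash = "0000000000000000000000000000000000000000000000000000000000000000";
let Lookback = 30d;
// Alerts whose file evidence contains the exact hash: these are the alerts the
// suppression rule would auto-resolve (existing ones now, new matches in future).
let MatchingAlerts =
    AlertEvidence
    | where Timestamp > ago(Lookback)
    | where EntityType == "File" and SHA256 =~ SuppressedHash
    | distinct AlertId;
// Devices referenced by each alert, so the result can be compared with the
// device group the rule will be scoped to.
let AlertDevices =
    AlertEvidence
    | where Timestamp > ago(Lookback) and isnotempty(DeviceName)
    | distinct AlertId, DeviceName;
AlertInfo
| where Timestamp > ago(Lookback)
| where Category == "CredentialAccess"          // credential-dumping alerts from any source
| join kind=leftouter (MatchingAlerts | extend HashMatch = true) on AlertId
| extend Disposition = iff(isnull(HashMatch), "still raised", "would be auto-resolved")
| join kind=leftouter AlertDevices on AlertId
| summarize Alerts = dcount(AlertId),
            Titles = make_set(Title),
            Devices = make_set(DeviceName),
            Sources = make_set(DetectionSource)
  by Disposition
// Every title in the "would be auto-resolved" bucket should be the benign utility's
// pattern; the "still raised" bucket should hold the genuine detections you want to keep.
```

If the "would be auto-resolved" bucket lists devices outside the device group you intend to target, scope the rule to that group rather than to the whole tenant; if it lists titles you did not expect, the hash is shared with something other than the nightly utility and a suppression rule on it is not the right control.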
SC-200 skill area: Configure protections and detections