Microsoft Security Operations Analyst Associate SC-200 Practice Question
You are a Security Operations Analyst for Contoso. In Microsoft Defender XDR, you see dozens of daily "Suspicious PowerShell command line" alerts triggered by an internal compliance-scanner script that runs from C:\Tools\Scan.ps1 on several servers. You have verified the activity is benign, but you still want Defender XDR to raise the same alert if any other script exhibits the behavior. Which action should you take to meet the requirement?
Create a custom detection rule that changes the alert severity to Informational when the scanner script runs.
Create an alert suppression rule scoped to the alert type and the specific process command line that automatically closes matching alerts.
Add the scanner script's folder to the Microsoft Defender Antivirus exclusion list on the affected servers.
Configure an attack surface reduction (ASR) rule exception for applications launched from C:\Tools.
An alert suppression rule (now called alert tuning in the Microsoft Defender XDR portal) lets you define conditions such as alert title, file name, file path, process command line, SHA1, device group, or user. When a future alert matches all of the conditions, Defender XDR automatically resolves it (for example, as Closed with a False positive classification) or hides it, without disabling the underlying detection logic. By scoping the rule to the specific command line used by the compliance-scanner script, only those alerts are resolved automatically, while any new instance of the same alert triggered by a different script, path, or command line still surfaces for triage. The narrower the conditions (command line plus the script's path, or the script's hash), the harder it is for a malicious script to hide behind the rule by reusing the same command-line text.
A custom detection rule is a distractor: it runs its own advanced hunting query on a schedule and generates its own alerts at the severity you choose. It does not change the severity of, or auto-resolve, alerts raised by Microsoft's built-in detections. A Microsoft Defender Antivirus exclusion or an ASR rule exception removes scanning or blocking for the executable or folder, which weakens protection for that path, but neither affects EDR behavioral alerts such as "Suspicious PowerShell command line", so they do not reduce the alert volume at all and fail the requirement to keep the alert active for other scripts.
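Before creating the suppression rule, a practitioner would want to see exactly which command lines, paths, devices, and file hashes have produced this alert, so the rule can be scoped tightly and nothing unexpected is swept in. The following advanced hunting query is an added example for this page (not Microsoft's or the exam vendor's code). It assumes the alert title is exactly "Suspicious PowerShell command line" and that the Process evidence rows carry the command line and script path; the 30-day window and the `C:\Tools\Scan.ps1` match are taken from the scenario.

```kql
// Added example: enumerate every process/command line that triggered the
// "Suspicious PowerShell command line" alert, and flag the known-benign
// compliance scanner so the suppression (alert tuning) rule can be scoped
// to it alone. Assumptions: exact alert title; Process evidence rows populated.
let AlertTitle = "Suspicious PowerShell command line";
let KnownScanner = @"C:\Tools\Scan.ps1";    // path from the scenario
AlertInfo
| where Timestamp > ago(30d)
| where Title == AlertTitle
| join kind=inner (
    AlertEvidence
    | where EntityType == "Process"
    | project AlertId, DeviceName, FileName, FolderPath, SHA1, ProcessCommandLine
) on AlertId
// Flag the benign scanner invocation; everything else must keep alerting.
| extend IsKnownScanner = ProcessCommandLine has_cs KnownScanner
| summarize
    Alerts   = dcount(AlertId),
    Devices  = make_set(DeviceName),
    Hashes   = make_set(SHA1),
    LastSeen = max(Timestamp)
    by IsKnownScanner, FolderPath, FileName, ProcessCommandLine
| order by IsKnownScanner desc, Alerts desc
```

Rows with `IsKnownScanner == true` give the exact command line (and, if it is stable, the script's SHA1) to put in the rule's conditions. Any row with `IsKnownScanner == false` is an instance the rule must not cover. Rerunning the same query after the rule is enabled confirms that new matching alerts now arrive already resolved while the other rows still appear as open alerts.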
SC-200 skill area: Configure protections and detections