Microsoft Security Operations Analyst Associate SC-200 Practice Question
You investigate a Sensitive group membership change alert raised by Microsoft Defender for Identity (MDI) on one of your domain controllers. After validating the change, you confirm that the activity was authorized and you want to prevent MDI from raising the same alert again when the same user adds members to the same group, while still keeping the detection active for all other users and groups. In the Microsoft 365 Defender portal, which action should you take on the alert to meet this requirement?
Set the alert status to Resolved so that identical future alerts are automatically ignored.
Isolate the domain controller that generated the alert by using Microsoft Defender for Endpoint.
Disable the Sensitive group membership change detection in the Defender for Identity settings.
Choose Suppress similar alerts and create a suppression rule scoped to the user and group involved.
Selecting Suppress similar alerts lets you create an alert-suppression rule that is scoped to the specific combination of detection type, user, group, device, or additional entities that triggered the current alert. The rule tells Microsoft Defender for Identity to ignore future occurrences that match the defined conditions, so no new alerts will be generated when that particular user modifies that particular group. The detection itself remains enabled for all other users and groups.
Marking the alert as resolved or closed updates its status in the queue but has no effect on future detections. Disabling the Sensitive group membership change detection or adding the user to the global exclusion list would suppress the alert, but they would also turn off protection more broadly than required. Isolating the domain controller is an endpoint response action available through Defender for Endpoint, not the correct way to tune an MDI alert.
Microsoft Security Operations Analyst Associate SC-200
Manage incident response