Microsoft Security Operations Analyst Associate SC-200 Practice Question
Your SOC keeps receiving repeated "Suspicious PowerShell activity" alerts from a maintenance script that legitimately runs only on servers in the Automation device group. You want to prevent new alerts about this script when it runs on those servers, but you must keep existing alerts visible for auditing. Which Microsoft 365 Defender feature should you configure to meet the requirement?
Develop a custom detection rule that excludes the maintenance script's process name.
Configure an incident email notification rule to exclude this alert title.
Create an alert suppression rule for the "Suspicious PowerShell activity" alert scoped to the Automation device group.
Add the script's file hash as an Indicator with the action set to Allow, scoped to the Automation device group.
Creating a file-hash indicator in Microsoft 365 Defender with the action set to Allow suppresses any future alerts related to that file. When you create the indicator, you can target specific device groups, such as the Automation group, so only those servers are affected. Historical alerts remain in the portal. Alert suppression rules cannot currently be scoped by device group, custom detection rules do not block alert generation, and incident email notification rules influence only who is notified, not whether alerts are generated.
Microsoft Security Operations Analyst Associate SC-200
Configure protections and detections