Microsoft Security Operations Analyst Associate SC-200 Practice Question
Your SOC receives dozens of Defender for Endpoint alerts titled "Suspicious PowerShell command" each morning. Investigation shows the alert is triggered by a signed inventory script that runs only on devices tagged FinanceInventory. You need Microsoft 365 Defender to automatically resolve future instances of this alert on those devices while still generating the alert for all other devices. Which action should you take?
Create a PowerShell remediation action to add the inventory script's folder to Microsoft Defender Antivirus exclusions for the FinanceInventory devices.
Build a custom detection rule in Microsoft 365 Defender that sets the alert severity to Informational when the device tag equals FinanceInventory.
Create an alert suppression rule in Microsoft 365 Defender that matches the alert title and the FinanceInventory device tag, and configure the rule to automatically resolve matching alerts.
Configure a file policy in Microsoft Defender for Cloud Apps that ignores the signed inventory script based on its digital signature.
Microsoft 365 Defender lets you create alert suppression (tuning) rules directly from an existing alert. A suppression rule can use multiple conditions-such as the alert title and a specific device tag or device group-to identify future occurrences. When you set the rule action to automatically resolve the alert, any matching alert generated on the scoped devices is closed immediately and excluded from new incidents, while the same alert on other devices continues to trigger as usual. Excluding the file with antivirus, changing alert severity by means of a custom detection, or configuring Microsoft Defender for Cloud Apps does not meet the requirement because these steps either disable detection entirely, do not auto-resolve the built-in alert, or involve a different service.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How do alert suppression rules work in Microsoft 365 Defender?
Open an interactive chat with Bash
What is a device tag in Microsoft 365 Defender?
Open an interactive chat with Bash
Why is configuring antivirus exclusions not a correct solution here?
Open an interactive chat with Bash
Microsoft Security Operations Analyst Associate SC-200
Configure protections and detections
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .