Crucial Exams

Microsoft Security Operations Analyst Associate SC-200 Practice Question

Your SOC receives dozens of Defender for Endpoint alerts titled "Suspicious PowerShell command" each morning. Investigation shows the alert is triggered by a signed inventory script that runs only on devices tagged FinanceInventory. You need Microsoft 365 Defender to automatically resolve future instances of this alert on those devices while still generating the alert for all other devices. Which action should you take?

  • Build a custom detection rule in Microsoft 365 Defender that sets the alert severity to Informational when the device tag equals FinanceInventory.

  • Create an alert suppression rule in Microsoft 365 Defender that matches the alert title and the FinanceInventory device tag, and configure the rule to automatically resolve matching alerts.

  • Configure a file policy in Microsoft Defender for Cloud Apps that ignores the signed inventory script based on its digital signature.

  • Create a PowerShell remediation action to add the inventory script's folder to Microsoft Defender Antivirus exclusions for the FinanceInventory devices.

Microsoft Security Operations Analyst Associate SC-200
Configure protections and detections
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot