Exam MS-101 topic 2 question 133 discussion

Actual exam question from Microsoft's MS-101
Question #: 133
Topic #: 2

DRAG DROP

You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps.

You need to configure policies to meet the following requirements:

• Display an alert when a single user downloads many files.
• Display an alert when infrequent activity from a country is detected.

Which type of policy should you configure for each requirement? To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

Amir1909
1 year, 4 months ago
Correct
upvoted 1 times
NitishKarmakar
1 year, 9 months ago
1. Unusual file download (by user) (Anomaly detection policy) - This policy profiles your environment and triggers alerts when users perform multiple file download activities in a single session with respect to the baseline learned, which could indicate an attempted breach.
2. Activity from infrequent country (Anomaly detection policy) - This policy profiles your environment and triggers alerts when activity is detected from a location that was not recently or never visited by the user or by any user in the organization. Detecting anomalous locations necessitates an initial learning period of 7 days, during which it does not alert on any new locations.
upvoted 1 times
NitishKarmakar
1 year, 9 months ago
I am confused; the Activity Policy "Mass download by a single user" is also apt as the first option. I think the exam will give the option to select one item once only. So the answer to 1. should instead be an Activity Policy (AP). But logically, an Anomaly Detection Policy (ADP) can work in both scenarios. So what makes AP preferable over ADP in real-world scenarios? EsamiTopic seems to be correct about it.
upvoted 1 times
EsamiTopici
2 years, 2 months ago
Correct
upvoted 2 times