ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 193 discussion

Actual exam question from Microsoft's MS-102
Question #: 193
Topic #: 1
[All MS-102 Questions]

HOTSPOT
-

Your company uses Microsoft Defender for Endpoint.

The devices onboarded to Microsoft Defender for Endpoint are shown in the following table.



The alerts visible in the Microsoft Defender for Endpoint alerts queue are shown in the following table.



You create a suppression rule that has the following settings:

• Triggering IOC: Any IOC
• Action: Hide alert
• Suppression scope: Alerts on ATP1 device group

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by cb0900 at Sept. 22, 2023, 12:11 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Paul_white
Highly Voted 1 year, 8 months ago
Answer Y-Y-N is correct. Existing alerts are not suppressed after the rule is created: When a suppression rule is created, it will take effect from the point when the rule is created. The rule will not affect existing alerts already in the queue, prior to the rule creation. The rule will only be applied on alerts that satisfy the conditions set after the rule is created. Link: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-alerts?view=o365-worldwide#suppress-alerts
upvoted 12 times
...
cb0900
Highly Voted 1 year, 8 months ago
Given answers seem correct. Q1/Q2. Both Y. The alerts were generated before the suppression rule was enabled. The alerts remain. Q3. N https://www.examtopics.com/discussions/microsoft/view/49354-exam-ms-101-topic-2-question-24-discussion/
upvoted 6 times
...
AdamRachel
Most Recent 7 months, 1 week ago
scope is not only for all alerts on devices on ATP1 scope so only all alerts on device 1 are suppressed??
upvoted 1 times
...
Murad01
11 months ago
Given answers are correct
upvoted 1 times
...
DiligentSam
1 year, 8 months ago
Given answers seem correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel