Exam MS-102 topic 1 question 368 discussion

Actual exam question from Microsoft's MS-102
Question #: 368
Topic #: 1

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.

All the devices in your organization are onboarded to Microsoft Defender for Endpoint.

You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.

What should you do?

  • A. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.
  • B. From the Microsoft Defender portal, create an alert suppression rule and assign an alert.
  • C. From Advanced hunting, create a query and a detection rule.
  • D. From the Microsoft Defender portal, create an Advanced hunting query and a detection rule.
Suggested Answer: D

Comments

makonmakon
Highly Voted 2 months, 3 weeks ago
Selected Answer: D
Looks like C and D are the same answers, but D provides a complete explanation.
upvoted 7 times
sVn01
Most Recent 1 month, 2 weeks ago
Selected Answer: D
D is correct, I think, because it's 'From the Defender Portal' instead of answer C.
upvoted 1 times
SeijuroSGD
1 month, 3 weeks ago
The correct answer is: C

D. Microsoft Defender portal (Advanced hunting query and detection rule) – This is almost correct, but Advanced hunting is inside Microsoft Defender, so this is redundant. The correct way is via Advanced hunting > Detection rule (option C).
upvoted 1 times