You have a Microsoft 365 E5 subscription. You create two alert policies named Policy1 and Policy2 that will be triggered at the times shown in the following table. How many alerts will be added to the Microsoft Purview portal?
Answer is incorrect, it should be C. 4, based on https://learn.microsoft.com/en-us/purview/compliance-manager-alert-policies
"When multiple events that match the conditions of an alert policy occur within one minute, they're added to an existing alert by a process called alert aggregation." So:
Policy 1: has 3 alerts in less than a minute, so 1 alert is generated, then a further 2 alerts separated by more than a minute each, consolidated that's 3 alerts
Policy 2: has 2 alerts all within the same minute, so that is 1 alert
Answer is C.
Microsoft 365 E5: 1-minute aggregation interval
Same aggregation logic: When multiple events that match the conditions of an alert policy occur with a short period of time, they're added to an existing alert by a process called alert aggregation
Sorry, it should be C
To prevent alert overload, policy matches on the same item in the same location are grouped if they occur within a one-minute window.
https://learn.microsoft.com/en-us/training/modules/purview-data-loss-prevention-alerts/configure-data-loss-prevention-alert-generation
It should be Answer A.
All matches that are detected within a span of 60 minutes will be grouped into one single alert to reduce excessive notifications
https://learn.microsoft.com/en-us/purview/compliance-manager-alert-policies#default-score-change-policy
When the same alert is generated multiple times within a short period (by default 5 minutes), Microsoft Purview consolidates these occurrences into a single alert in the portal.
Each alert policy triggers independently based on the specified times. Here are the times again:
Policy1: 10:00:00, 10:00:04, 10:01:01, 10:04:45 (4 alerts)
Policy2: 10:00:03, 10:00:31 (2 alerts)
Since each trigger time results in a separate alert, we count all the times:
Policy1: 4 alerts
Policy2: 2 alerts
Adding them together, we get 6 alerts. Therefore, the correct answer is E. 6.
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other