ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 391 discussion

Actual exam question from Microsoft's MS-102
Question #: 391
Topic #: 1
[All MS-102 Questions]

You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps.

You need to ensure that when a user-based alert is triggered in Defender for Cloud Apps, the user is marked as compromised.

Which two options can you use to automate the response? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point

  • A. a Microsoft Power Automate playbook
  • B. a user tag
  • C. a custom detection rule
  • D. a block script
  • E. an automated remediation level
Show Suggested Answer Hide Answer
Suggested Answer: AE 🗳️
by tunstila at June 12, 2025, 6:03 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Shreekb27
1 week ago
Selected Answer: AE
A. You can create a playbook that takes the user details from the alert and uses the "Microsoft Entra ID" connector to perform the action "Confirm user as compromised". This directly sets the user's risk level to "High" in Microsoft Entra Identity Protection, achieving the goal through custom orchestration. E. If an automated investigation (which can be triggered by alerts from Defender for Cloud Apps) determines a user account has been compromised, one of its built-in remediation actions is to mark the user as compromised. This achieves the goal through native, built-in automation.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel