Exam MS-101 topic 2 question 27 discussion

Actual exam question from Microsoft's MS-101
Question #: 27
Topic #: 2

You have a Microsoft 365 subscription that uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
All the devices in your organization are onboarded to Microsoft Defender ATP.
You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.
What should you do?

  • A. From Alerts queue, create a suppression rule and assign an alert
  • B. From the Security & Compliance admin center, create an audit log search
  • C. From Advanced hunting, create a query and a detection rule
  • D. From the Security & Compliance admin center, create a data loss prevention (DLP) policy
Suggested Answer: C
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules

Comments

VTHAR
Highly Voted 4 years, 8 months ago
Answer is correct.
upvoted 30 times
xenmo
Highly Voted 3 years, 1 month ago
Correct (although they changed the language from ATP to Defender for Endpoint)
upvoted 6 times
Amir1909
Most Recent 1 year, 4 months ago
Correct
upvoted 1 times
RiTh73
2 years, 3 months ago
Custom detection rules are rules you can design and tweak using advanced hunting queries. These rules let you proactively monitor various events and system states, including suspected breach activity and misconfigured endpoints. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
upvoted 1 times
rrrr5r
2 years, 9 months ago
In Sep 16th 22's exam.
upvoted 3 times