Exam SC-200 topic 2 question 20 discussion

Actual exam question from Microsoft's SC-200
Question #: 20
Topic #: 2

You have a suppression rule in Azure Security Center for 10 virtual machines that are used for testing. The virtual machines run Windows Server.
You are troubleshooting an issue on the virtual machines.
In Security Center, you need to view the alerts generated by the virtual machines during the last five days.
What should you do?

  • A. Change the rule expiration date of the suppression rule.
  • B. Change the state of the suppression rule to Disabled.
  • C. Modify the filter for the Security alerts page.
  • D. View the Windows event logs on the virtual machines.
Suggested Answer: C 🗳️

Comments

PJR
Highly Voted 3 years, 6 months ago
I think this is incorrect and the answer should be C - Modify the filter for the Security alerts page. Answer B would prevent future alerts from being suppressed but the question is asking to view alerts created in the last 5 days - these would have been dismissed by the suppression rule and to view them you need to alter the filter to display dismissed alerts. Ref: https://docs.microsoft.com/en-us/azure/security-center/alerts-suppression-rules#what-are-suppression-rules
upvoted 58 times
Lone__Wolf
2 years, 2 months ago
Exact Thoughts! The answer is C.
upvoted 1 times
...
...
Ferrix
Highly Voted 3 years, 6 months ago
Correct answer is C
upvoted 15 times
...
xRiot007
Most Recent 4 months, 4 weeks ago
Selected Answer: C
A - No, you don't need to change any expiration of anything
B - No, you don't need to disable anything
C - Yes, you need to change the timeframe inside the rule
D - off-topic
upvoted 2 times
...
Nikki0222
6 months, 1 week ago
C correct
upvoted 1 times
...
dcceda3
7 months, 1 week ago
C. Modify the filter for the Security alerts page. Explanation: Suppression rules do not delete alerts; they only hide them from view. By modifying the filter on the Security alerts page, you can view suppressed alerts without disabling or modifying the suppression rule. Disabling or changing the rule would not retroactively reveal previously suppressed alerts, but changing the filter will allow you to view them.
upvoted 2 times
...
Baz10
1 year, 2 months ago
Selected Answer: C
I said C
GPT says C
Comments are saying C
Who decided it was B?
upvoted 4 times
...
blueking
1 year, 4 months ago
An alert suppression rule will not create an Incident and Email notification; it will still have that alert in the alert page in Security Center. To view the alerts for the last five days for those systems you need to apply a filter in the security page, so the correct answer is C.
upvoted 1 times
...
blueking
1 year, 4 months ago
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-suppression-rules?view=o365-worldwide
View details of a suppression rule
  • In the navigation pane, select Settings > Endpoints > Rules > Alert suppression. The list of suppression rules that users in your organization have created is displayed.
  • Click on a rule name. Details of the rule is displayed. You'll see the rule details such as status, scope, action, number of matching alerts, created by, and date when the rule was created. You can also view associated alerts and the rule conditions.
upvoted 1 times
...
chepeerick
1 year, 6 months ago
Correct C modify the filter
upvoted 1 times
...
Monitor
1 year, 7 months ago
"The Microsoft Defender plans detect threats in your environment and generate security alerts. When a single alert isn't interesting or relevant, you can manually dismiss it. Suppression rules let you automatically dismiss similar alerts in the future." Dismissed alerts aren't shown by default. Answer is C; you have to modify the filter.
upvoted 1 times
...
mali1969
1 year, 8 months ago
Selected Answer: B
Correct answer is B. Change the state of the suppression rule to Disabled. This will allow you to view the alerts generated by the virtual machines during the last five days. To change the state of the suppression rule, you can follow these steps:
  • From Defender for Cloud’s security alerts page, select Suppression rules at the top of the page. The suppression rules page opens with all the rules for the selected subscriptions.
  • To edit a single rule, open the three dots (…) at the end of the rule and select Edit.
  • Change the state of the rule to Disabled and select Apply.
upvoted 1 times
mali1969
1 year, 8 months ago
The correct answer is C. Modify the filter for the Security alerts page. The other options are not correct because:
  • A. Change the rule expiration date of the suppression rule: This option will not help you view the alerts generated by the suppressed resources, but only change the duration of the suppression rule.
  • B. Change the state of the suppression rule to Disabled: This option will not help you view the alerts generated by the suppressed resources, but only disable the suppression rule and allow new alerts to be generated.
  • D. View the Windows event logs on the virtual machines: This option will not help you view the alerts generated by Security Center, but only show you the Windows event logs on the virtual machines, which may not contain all the relevant information.
upvoted 3 times
...
...
Oryx360
1 year, 8 months ago
Selected Answer: C
In Security Center, to view the alerts generated by the virtual machines during the last five days, you should modify the filter for the Security alerts page. Option C is the correct answer: C. Modify the filter for the Security alerts page. By adjusting the filter settings on the Security alerts page, you can specify the time range and the specific criteria you want to apply to view the alerts generated by the virtual machines within the last five days. This will help you focus on the relevant alerts related to the troubleshooting issue you are investigating.
upvoted 1 times
...
tduarte14
2 years ago
Selected Answer: C
C is correct. You need to change the filter as it's only showing "Active, In Progress"
upvoted 1 times
...
[Removed]
2 years, 2 months ago
Selected Answer: C
Azure Security Center, you should modify the filter for the Security alerts page. The suppression rule is designed to prevent alerts from being generated, so it should not be affecting the ability to view alerts. To modify the filter for the Security alerts
upvoted 2 times
...
Valunchai
2 years, 2 months ago
Selected Answer: B
First, Disable suppressed rule and filter or scroll to see last 5 days alert.
upvoted 2 times
...
Wutan
2 years, 3 months ago
Selected Answer: C
C is the correct one in my opinion.
upvoted 1 times
...
Haha0010
2 years, 3 months ago
Selected Answer: C
In exam today (16 jan 2023)
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted