Exam MS-101 topic 2 question 25 discussion

Actual exam question from Microsoft's MS-101
Question #: 25
Topic #: 2

HOTSPOT -
Your company uses Microsoft Defender for Endpoint.
The devices onboarded to Microsoft Defender for Endpoint are shown in the following table.

The alerts visible in the Microsoft Defender for Endpoint alerts queue are shown in the following table.

You create a suppression rule that has the following settings:
✑ Triggering IOC: Any IOC
✑ Action: Hide alert
✑ Suppression scope: Alerts on ATP1 machine group
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
A suppression rule will not affect alerts that are already in the alerts queue. Only new alerts will be suppressed.

Comments

MartiFC
Highly Voted 3 years, 8 months ago
When a suppression rule is created, it will take effect from the point when the rule is created. The rule will not affect existing alerts already in the queue, prior to the rule creation. The rule will only be applied on alerts that satisfy the conditions set after the rule is created. https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-alerts?view=o365-worldwide So, I think that the answers are Y,Y,N
upvoted 18 times
...
Goena
Highly Voted 3 years, 6 months ago
- Yes, alert 1 was already created before suppression was enabled. It won't be suppressed retroactively.
- Yes, Alert 3 was already created and doesn't apply. Either way, it will still show up.
- No, the suppression rule is already in place before the alert can be created.
upvoted 6 times
...
Contactfornitish
Most Recent 2 years, 10 months ago
On exam on 13 aug'22
upvoted 5 times
...
L33D
3 years ago
Still valid, on exam Jun 25, 2022
upvoted 3 times
...
ZuluHulu
3 years, 8 months ago
Wouldn't the answer to the 3rd question be No? The suppression scope is limited to ATP1.
upvoted 6 times
MartiFC
3 years, 7 months ago
Device2 is ATP1 Machine Group
upvoted 5 times
...
...