Answer should be D - Tested in Lab
Use the Defender for Cloud Apps Policy Template "Mass download by a single user: Alert when a single user performs more than 50 downloads within 1 minute." Filtering by Type shows it is an "Activity Policy".
Tested in Lab,
Anomaly Detection Policy - Will build a baseline over a 7-day period and will start to generate alerts on abnormal activities. This MAY meet your goal but you cannot guarantee that it will send an alert in this specific scenario.
Activity Policy - Allows you to specify the specific requirements for the alert to be triggered, such as specifying 50 files in 1 minute. This is the right answer.
B. an anomaly detection policy
Go to the Microsoft Defender for Cloud Apps portal (https://security.microsoft.com/).
Click on "Policies" from the left-hand menu, then click "Anomaly detections".
Click "Create policy" and enter a name and description for the policy.
Under the "User and entity" section, select the user or group you want to monitor.
Under the "Activity" section, select "Download" for the activity type.
Under the "Threshold" section, set the threshold to "50" for the number of files downloaded, and "60 seconds" for the time period.
Optionally, you can configure other settings such as the severity level and the actions to take when the policy is triggered.
Click "Create" to save the policy.
I checked this in my test tenant - and I honestly do not know what you're talking about. None of the settings that you mention for an anomaly detection policy are available. Things might have changed in the last three months - but by now B is not an option.
Option D, an activity policy, could also be a good answer for this scenario. An activity policy can be used to monitor and alert on specific activities, such as file downloads, performed by users. However, an anomaly detection policy is specifically designed to detect unusual behavior and activity patterns that may indicate a potential threat or risk. In this case, since the requirement is to be notified when a single user downloads more than 50 files during any 60-second period, an anomaly detection policy may be a more appropriate choice.
https://learn.microsoft.com/en-us/defender-cloud-apps/user-activity-policies
Activity policies allow custom alerts to be sent or actions taken when user activity is detected. For example, you want to know every time:
- A user tries to sign in and fails 70 times in one minute
- A user downloads 7,000 files
- A user is logged in from an unfamiliar country/region
Selected Answer: D
Activity policies can set activity and timeframe. Anomaly detection policies only support unusual activities.
https://learn.microsoft.com/en-us/defender-cloud-apps/user-activity-policies
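Added example, not part of any comment above and not Microsoft's implementation: the fixed rule the thread describes for an activity policy (more than 50 downloads by one user within any 60 seconds), written as a sliding-window check over activity records. The record layout, the "Download" activity label and the user names are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 50                   # alert on MORE than 50 downloads ...
WINDOW = timedelta(seconds=60)   # ... by one user within any 60-second period


def mass_download_alerts(events, threshold=THRESHOLD, window=WINDOW):
    """Return [(user, alert_time, count)], one entry per burst.

    events: iterable of (timestamp, user, activity) tuples, in any order.
    A user re-arms only after falling back to the threshold or below.
    """
    recent = defaultdict(deque)  # user -> download times still inside the window
    alerting = set()             # users currently above the threshold
    alerts = []
    for ts, user, activity in sorted(events):
        if activity != "Download":
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] >= window:   # expire downloads 60 s old or older
            q.popleft()
        if len(q) > threshold:
            if user not in alerting:
                alerting.add(user)
                alerts.append((user, ts, len(q)))
        else:
            alerting.discard(user)
    return alerts


def sample_events():
    """Constructed sample data; every user and timestamp is made up."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)

    def sec(n):
        return t0 + timedelta(seconds=n)

    events = []
    # alice: 51 downloads, one per second -> exceeds 50 inside 60 s
    events += [(sec(i), "alice@example.test", "Download") for i in range(51)]
    # bob: exactly 50 downloads in 50 s -> not MORE than 50, no alert
    events += [(sec(i), "bob@example.test", "Download") for i in range(50)]
    # carol: 120 downloads, one every 2 s -> at most 30 in any 60 s, no alert
    events += [(sec(2 * i), "carol@example.test", "Download") for i in range(120)]
    # dave: 60 uploads in 60 s -> wrong activity type, no alert
    events += [(sec(i), "dave@example.test", "Upload") for i in range(60)]
    return events
```

Unlike a learned baseline, this rule fires deterministically on the 51st download inside the window, which is the guarantee the comments above rely on when choosing the activity policy.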
Commenters:
- Fala_Fel (Highly Voted), 2 years, 5 months ago
- Amir1909 (Most Recent), 1 year, 4 months ago
- jamspurple, 2 years, 1 month ago
- Meebler, 2 years, 3 months ago
- Jakub2023, 2 years ago
- Meebler, 2 years, 3 months ago
- hufflepuff, 2 years, 4 months ago
- EsamiTopici, 2 years, 2 months ago
- EsamiTopici, 2 years, 2 months ago
- JB12340987, 2 years, 4 months ago
- EsamiTopici, 2 years, 3 months ago
- egsalvadori, 2 years, 5 months ago
- Jame, 2 years, 5 months ago
- Fala_Fel, 2 years, 5 months ago