New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-200 Exam - Topic 9 Question 12 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 12
Topic #: 9
[All SC-200 Questions]

Your company uses Microsoft Defender for Endpoint.

The company has Microsoft Word documents that contain macros. The documents are used frequently on the devices of the company's accounting team.

You need to hide false positive in the Alerts queue, while maintaining the existing security posture. Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer: B, C, E

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-alerts

by Catalina at May 04, 2022, 05:51 PM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kami
4 months ago
Not sure about A, resolving automatically could backfire.
upvoted 0 times
...
Olga
4 months ago
C is the way to go, scoped rules are essential!
upvoted 0 times
...
Laura
4 months ago
Wait, can we really just hide alerts? Seems risky.
upvoted 0 times
...
Lettie
5 months ago
I think B is a good choice too.
upvoted 0 times
...
Donte
5 months ago
Definitely go for D, that makes sense!
upvoted 0 times
...
Leonida
5 months ago
I practiced a similar question where we had to manage alerts, and I think creating a suppression rule scoped to a device group makes the most sense for our accounting team.
upvoted 0 times
...
Monte
5 months ago
I feel like resolving the alert automatically could lead to missing actual threats, so I’m leaning towards creating a suppression rule instead.
upvoted 0 times
...
Phyliss
5 months ago
I think hiding the alert might be a quick fix, but it doesn't really help with the overall security posture, right?
upvoted 0 times
...
Brett
5 months ago
I remember we discussed suppression rules in class, but I'm not sure if they should be scoped to any device or a specific device group.
upvoted 0 times
...
Magdalene
5 months ago
Dynamic Content sounds like the right answer to me. That's the Marketo feature that needs to be approved before it can be used, if I remember correctly.
upvoted 0 times
...
Rueben
5 months ago
Hmm, I'm a bit unsure about this one. I know the iteration terminal has something to do with the loop, but I can't quite remember the exact details. I'll have to think this through carefully.
upvoted 0 times
...

Save Cancel