What should you do first?

SC-200 V6 0 Comments

You have an Azure subscription that contains a virtual machine named VM1 and uses Azure Defender. Azure Defender has automatic provisioning enabled.

You need to create a custom alert suppression rule that will supress false positive alerts for suspicious use of PowerShell on VM1.

What should you do first?
A . From Azure Security Center, add a workflow automation.
B. On VM1, run the Get-MPThreatCatalog cmdlet.
C. On VM1 trigger a PowerShell alert.
D. From Azure Security Center, export the alerts to a Log Analytics workspace.

Answer: C

Explanation:

Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-alerts?view=o365-worldwide

Latest SC-200 Dumps Valid Version with 75 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SC-200 PDF     SC-200 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments