SC-200 Question #85: Real Exam Question with Answer & Explanation
The correct answer is C: Modify the filter for the Security alerts page.
Question
You have a suppression rule in Azure Security Center for 10 virtual machines that are used for testing. The virtual machines run Windows Server. You are troubleshooting an issue on the virtual machines. In Security Center, you need to view the alerts generated by the virtual machines during the last five days. What should you do?
Options
- A. Change the rule expiration date of the suppression rule.
- B. Change the state of the suppression rule to Disabled.
- C. Modify the filter for the Security alerts page.
- D. View the Windows event logs on the virtual machines.
Explanation
Suppressed alerts are hidden in Azure Security Center, Azure Sentinel and third-party SIEM solutions, but they remain reachable later in the dismissed state. To see them, modify the filter on the Security alerts page so that it displays dismissed alerts rather than only "Active" ones. Source: https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/suppression-rules-for-azure-security-center-alerts-are-now/ba-p/1404920