Microsoft 365 Mobility and Security (legacy) — Question 15
You have a Microsoft 365 subscription that uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
All the devices in your organization are onboarded to Microsoft Defender ATP.
You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.
What should you do?
Answer options
- A. From Alerts queue, create a suppression rule and assign an alert
- B. From the Security & Compliance admin center, create an audit log search
- C. From Advanced hunting, create a query and a detection rule
- D. From the Security & Compliance admin center, create a data loss prevention (DLP) policy
Correct answer: C
Explanation
The correct answer is C: creating a query in Advanced hunting and turning it into a detection rule allows for real-time monitoring and generates an alert whenever the query matches malicious activity detected on a device. The other options do not address the need for alerts based on recent malicious activity: suppression rules hide existing alerts rather than create them, audit log searches are for reviewing historical activity, and DLP policies protect sensitive data; none of these aligns with the requirement to alert on detected threats.