Microsoft Security Operations Analyst — Question 61
You have a Microsoft 365 subscription that uses Microsoft Defender XDR.
You need to implement deception rules. The solution must ensure that you can limit the scope of the rules.
What should you create first?
Answer options
- A. device groups
- B. device tags
- C. honeytoken entity tags
- D. sensitive entity tags
Correct answer: B
Explanation
Creating device tags is the first step because tags let you categorize devices, and that categorization is what lets you limit the scope of the deception rules to the devices you choose. Device groups are broader and do not provide the level of specificity needed to limit rule scope. Honeytoken and sensitive entity tags are relevant, but they come after device tags have been established for proper organization.