You have the following advanced hunting query in Microsoft 365 Defender.
You need to receive an alert when any process disables System Restore on a device managed by Microsoft Defender during the last 24 hours.
Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. Create a detection rule.
B. Create a suppression rule.
C. Add | order by Timestamp to the query.
D. Replace DeviceProcessEvents with DeviceNetworkEvents.
E. Add DeviceId and ReportId to the output of the query.
Answer: AE
Explanation:
Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules