SC-200 • Exam Simulation 1 — 100 Questions
Free SC-200 exam simulation 1 — 100 questions with explanations. No signup required.
An organization uses Microsoft 365 Defender. During an incident, the analyst wants to automatically isolate a compromised device from the network while allowing communication with a specific list of trusted IP addresses (e.g., for patching). Which action in an automated investigation and response (AIR) playbook for endpoints can achieve this?