SC-200 • Practice Exam 55
Free SC-200 practice exam — 20 questions with explanations. Set 55. No signup required.
A SOC analyst receives an alert from Microsoft Defender for Cloud Apps indicating that a user downloaded 500 GB of data from SharePoint to an unmanaged device. The user has no history of such behavior. What is the best first step in the incident response process?