SC-200 • Practice Exam 68
Free SC-200 practice exam — 20 questions with explanations. Set 68. No signup required.
Your organization uses Microsoft Sentinel. A security analyst receives an alert from a custom analytics rule that triggers on a specific sequence of failed logon attempts followed by a successful logon from an unusual location. The incident is generated, but the analyst is not sure whether the activity is malicious or a user error. What should the analyst do first to quickly gather additional context?