SC-200 • Mock Exam 83
Free SC-200 mock exam — 25 questions with explanations. Set 83.
Your organization uses Microsoft Sentinel for security operations. The SOC team receives an incident that was generated from a Microsoft Defender for Cloud Apps alert. The incident involves a user who is downloading a large number of files from SharePoint Online. The analyst needs to suspend the user's account immediately to stop the potential data exfiltration. The organization has a Microsoft Sentinel playbook that can suspend a user in Microsoft Entra ID. However, the playbook is not triggering automatically. You need to ensure that the playbook runs automatically whenever a Defender for Cloud Apps alert generates an incident in Sentinel. What should you configure?