SC-200 Manage a security operations environment • Set 34
Practice Test 34 — 15 questions with explanations.
Your organization uses Microsoft Sentinel and Microsoft Defender for Cloud Apps to monitor cloud application usage. You have a custom analytics rule that detects multiple failed login attempts from different IP addresses for the same user within 5 minutes. This rule generates an incident. The security team wants to automatically suspend the user in Microsoft Entra ID (formerly Azure AD) when such an incident is created, but only if the user is not a member of the 'Emergency Access' group. You need to implement this automation. You have already created the analytics rule. What should you do next?