SC-200 Manage a security operations environment • Set 36
SC-200 Manage a security operations environment Practice Test 36 — 15 questions with explanations.
You are a Microsoft Security Operations Analyst for a large enterprise with 50,000 users. Your organization uses Microsoft Defender XDR, Microsoft Sentinel, and Microsoft Defender for Cloud Apps. The security team has observed an increase in alerts related to SaaS applications (e.g., Box, Salesforce) accessed from unusual locations. You need to design a solution to automatically investigate and respond to these alerts. The solution should: (1) correlate user activity across multiple SaaS apps, (2) automatically isolate a user's account if the risk score exceeds 90, and (3) create an incident in Sentinel. Which approach should you use?