Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Respond to security incidents practice sets

SC-200 Respond to security incidents • Set 14

SC-200 Respond to security incidents Practice Test 14 — 15 Questions

SC-200 Respond to security incidents Practice Test 14 — 15 questions with explanations. Free, no signup.

15
Questions
Free
No signup
Certifications/SC-200/Practice Test/Respond to security incidents/Set 14
Question 1 of 150 answered
medium

Your organization uses Microsoft Sentinel with Microsoft Defender XDR integrated. A critical incident has been raised involving a user account that was used to access a confidential SharePoint site from an unusual location at 2:00 AM. The incident includes alerts from Microsoft Defender for Cloud Apps, Microsoft Defender for Identity, and Microsoft Defender for Office 365. The analyst needs to contain the incident, investigate the scope, and begin remediation. The environment has the following: Microsoft Entra ID with conditional access policies, Microsoft Intune for device management, and Microsoft Defender for Endpoint on all devices. The analyst has identified the user account and the device used. Which course of action should the analyst take first?

Scored session

Track progress, bookmark weak spots, and get readiness analysis.

Start full session

Practice tests

Scored 10-question sessions with instant feedback and explanations.

SC-200 Practice Test 1 — 10 Questions→SC-200 Practice Test 2 — 10 Questions→SC-200 Practice Test 3 — 10 Questions→SC-200 Practice Test 4 — 10 Questions→SC-200 Practice Test 5 — 10 Questions→SC-200 Practice Exam 1 — 20 Questions→SC-200 Practice Exam 2 — 20 Questions→SC-200 Practice Exam 3 — 20 Questions→SC-200 Practice Exam 4 — 20 Questions→Free SC-200 Practice Test 1 — 30 Questions→Free SC-200 Practice Test 2 — 30 Questions→Free SC-200 Practice Test 3 — 30 Questions→SC-200 Practice Questions 1 — 50 Questions→SC-200 Practice Questions 2 — 50 Questions→SC-200 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Manage a security operations environmentRespond to security incidentsPerform threat huntingMitigate threats using Microsoft Defender XDRMitigate threats using Microsoft Defender for CloudMitigate threats using Microsoft Sentinel

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Respond to security incidents setsAll Respond to security incidents questionsSC-200 Practice Hub