SC-200 Respond to security incidents • Set 2
SC-200 Respond to security incidents Practice Test 2: 15 questions with explanations.
A security analyst receives a high-severity alert for a suspicious login from an unusual location. The alert was generated by Microsoft Sentinel from Microsoft Entra ID sign-in logs. The analyst needs to determine if the login was successful and if any data exfiltration occurred. What is the MOST efficient first step?