SC-200 Respond to security incidents • Set 21
SC-200 Respond to security incidents Practice Test 21 — 15 questions with explanations. Free, no signup.
You are investigating a potential ransomware incident in Microsoft Defender XDR. The incident has a high severity alert indicating that a user installed a suspicious application. Which initial response action should you take to contain the threat while preserving evidence?