SC-200 Respond to security incidents • Set 23
SC-200 Respond to security incidents Practice Test 23 — 15 questions with explanations.
A security analyst receives an alert from Microsoft Defender for Cloud Apps indicating that a user from the finance department downloaded 500 files from SharePoint Online in 10 minutes. The analyst needs to determine if this is a true positive and, if so, contain the incident. Which action should the analyst take first?