SC-200 Respond to security incidents • Set 25
SC-200 Respond to security incidents Practice Test 25: 15 questions with explanations.
Your organization uses Microsoft Sentinel. A security analyst receives an alert from a custom analytics rule that triggers on a specific sequence of failed logon attempts followed by a successful logon from an unusual location. The incident is generated, but the analyst is not sure whether the activity is malicious or a user error. What should the analyst do first to quickly gather additional context?