SC-200 Respond to security incidents • Set 28
SC-200 Respond to security incidents Practice Test 28 — 15 questions with explanations. Free, no signup.
You are investigating a security incident in Microsoft Defender XDR where a user received a phishing email that bypassed Exchange Online Protection. The email contained a link to a credential harvesting page. After the user entered credentials, the attacker used them to sign in from an unusual location. You need to recommend an automated response to prevent further credential theft from similar emails. What should you implement?