SC-200 • Timed Practice Test 1
This is a timed practice session. You have 10 minutes to answer 10 questions — approximately 1 minute per question, matching real SC-200 exam pace. Answer every question before time expires.
Time remaining
10:00
Exam-pace drill
Allow 1 minute per question. On the real SC-200 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
An organization uses Microsoft 365 Defender. During an incident, the analyst wants to automatically isolate a compromised device from the network while allowing communication with a specific list of trusted IP addresses (e.g., for patching). Which action in an automated investigation and response (AIR) playbook for endpoints can achieve this?