SY0-701 Security Operations • Set 9
SY0-701 Security Operations Practice Test 9 — 15 questions with explanations.
A help desk ticket confirms that a user entered corporate credentials into a fake sign-in page. Minutes later, the security team finds a new mailbox forwarding rule and evidence that the attacker added backup MFA codes. After disabling the account, what should the team do next to support containment and recovery?