Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmasmnth

You have an on-premises network.

  1. Home
  2. Microsoft
  3. Microsoft Certified: Security Operations Analyst Associate
  4. SC-200
  5. SC-200 Questions
  6. Microsoft Security Operations Analyst Practice Questions

You have an on-premises network.

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity.

From the Microsoft Defender portal, you investigate an incident on a device named Device1 of a user named User1. The incident contains the following Defender for Identity alert.

Suspected identity theft (pass-the-ticket) (external ID 2018)

You need to contain the incident without affecting users and devices. The solution must minimize administrative effort.

What should you do?

A.

Disable User 1 only.

B.

Quarantine Device1 only.

C.

Reset the password for all the accounts that previously signed in to Device1.

D.

DisableUser1 and quarantine Device1.

E.

Disable User1, quarantine Device1, and reset the password for all the accounts that previously signed in to Device1.

Microsoft SC-200 View All Questions

Microsoft SC-200 Summary

  • Vendor: Microsoft
  • Product: SC-200
  • Update on: Jul 30, 2025
  • Questions: 370
Price: $52.5  $149.99
Buy Now SC-200 PDF + Testing Engine Pack
Next
You need to implement the Azure Information Protection requirements.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender XDR and contains a...
Previous

Payments We Accept

Your purchase with ExamsVCE is safe and fast. Your products will be available for immediate download after your payment has been received.
The ExamsVCE website is protected by 256-bit SSL from McAfee, the leader in online security.

examsvce payment method

Contact Us

Copyright © 2013-2025 examsvce.com. All Rights Reserved
mcafee secure

TESTED 02 Aug 2025