Respond to security incidents Questions
Practice questions for Respond to security incidents topic in Microsoft Certified: Security Operations Analyst Associate. 73 questions covering this domain.
A cloud security analyst needs to investigate risky activity in sanctioned SaaS applications and user sessions. Which Microsoft security product is th...
A device shows suspicious behavior, and the responder must inspect artifacts and run approved remote investigation commands without physically accessi...
An endpoint investigation requires examining suspicious files, processes, URLs, and IP addresses as related evidence. Which Defender for Endpoint capa...
Which Defender for Endpoint capability allows an analyst to open an interactive remote session on a device for investigation actions?
In Microsoft Defender for Endpoint, which feature shows a chronological record of activity on a device during an investigation?
What is the primary purpose of case management during a security investigation?
An analyst needs to investigate threat activity generated through API calls and application access patterns across Microsoft services. Which log sourc...
A team wants AI assistance directly in the incident workflow to summarize findings and help investigate complex attacks. Which capability is reference...
An analyst needs a packaged snapshot of device investigation data for offline review after suspicious activity is detected. Which Defender for Endpoin...
A SOC receives an incident involving malicious email delivery, phishing links, and suspicious mailbox activity. Which Microsoft workload is most direc...
An investigation requires reviewing mailbox and SharePoint content to look for specific malicious or sensitive items tied to a suspected campaign. Whi...
A threat investigation requires both searching Microsoft 365 content for malicious artifacts and reviewing audited user activity related to the same c...
Which Microsoft Purview capability is used to investigate user and admin activities across Microsoft 365 services through audit logs?
A security lead wants one place to review investigation status, document actions taken, and maintain the incident history for escalation. Which practi...
A security analyst needs to investigate compromised identities detected by Microsoft services. Which product area is directly called out in the SC-200...
An incident spans email compromise, identity abuse, endpoint execution, and lateral movement. Which Microsoft investigation experience is designed to ...
An incident involves suspicious operations inside Azure workloads and cloud resources that are protected by workload protections. Which product area s...
An analyst sees an incident that has already had containment actions taken automatically across workloads and now needs to assess scope and continue r...
A responder needs to prevent unsigned executables from running on a compromised Windows endpoint while leaving signed/trusted apps usable during inves...
An incident chain shows a phishing email delivered, credentials harvested, OAuth grant abuse, and risky sign-ins from impossible locations. Which comb...