SC-200 · Question #298
SC-200 Question #298: Real Exam Question with Answer & Explanation
Sign in or unlock SC-200 to reveal the answer and full explanation for question #298. The question stem and answer options stay visible for context.
Question
You have an on-premises network. You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Identity. From the Microsoft Defender portal, you investigate an incident on a device named Device1 of a user named User1. The incident contains the following Defender for Identity alert. Suspected identity theft (pass-the-ticket) (external ID 2018) You need to contain the incident without affecting users and devices. The solution must minimize administrative effort. What should you do?
Options
- ADisable User1 only.
- BQuarantine Device1 only.
- CReset the password for all the accounts that previously signed in to Device1.
- DDisable User1 and quarantine Device1.
- EDisable User1, quarantine Device1, and reset the password for all the accounts that previously
Unlock SC-200 to see the answer
You've previewed enough free SC-200 questions. Unlock SC-200 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.