Crucial Exams

Microsoft Security Operations Analyst Associate SC-200 Practice Question

A Microsoft Purview DLP policy flags several incidents in which the same user repeatedly tries to download sensitive GDPR-protected documents to an unmanaged device. You open the related incident in the Microsoft 365 Defender portal and go to the Entities tab, where the user account appears with a high risk score.

You need to immediately contain any further data-exfiltration risk from this potentially compromised user while you continue the investigation. Which response action should you take directly from the user-entity page?

  • Send a policy-tip email asking the user to confirm the activity.

  • Force a password reset that requires the user to create a new password before the next sign-in.

  • Set the user's risk level to High in Microsoft Entra ID.

  • Add the user to a Microsoft Purview restrictions role group.

Microsoft Security Operations Analyst Associate SC-200
Manage incident response
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot