Microsoft Security Operations Analyst Associate SC-200 Practice Question
While investigating an alert in Microsoft Defender for Cloud Apps, you discover that a newly consented OAuth application named "MailAnalytics" has been granted the Mail.ReadWrite permission by multiple users. You must immediately block the application's access to your Microsoft 365 data, but you also want to retain the application record so that you can continue your investigation later. Which remediation action in the Defender for Cloud Apps portal should you perform?
The Revoke app action in Microsoft Defender for Cloud Apps invalidates the application's existing OAuth refresh and access tokens in Microsoft Entra ID. This immediately blocks any further access to Microsoft 365 data by that app while preserving the application's entry in the OAuth apps list, allowing analysts to keep investigating its properties, users, and activity history.
The Delete app action permanently removes the record from Defender for Cloud Apps and therefore is not appropriate when you still need to investigate it. Unsanction is used for discovered SaaS applications and does not affect OAuth tokens that have already been granted. Disable user targets a user account rather than the risky application itself, so it does not directly stop the OAuth app from accessing data granted by other users.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are OAuth refresh and access tokens?
Open an interactive chat with Bash
What is the difference between Revoke app and Unsanction app?
Open an interactive chat with Bash
How does Microsoft Defender for Cloud Apps help in investigating risky applications?
Open an interactive chat with Bash
Microsoft Security Operations Analyst Associate SC-200
Manage incident response
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .