Microsoft Security Operations Analyst Associate SC-200 Practice Question
You are investigating a suspected mailbox compromise. Your goal is to verify whether anyone other than the mailbox owner has viewed messages in the mailbox during the last seven days and to learn the source IP address that was used. You decide to run a search in the Microsoft Purview compliance portal's unified audit log. Which audit-log activity and field combination will give you the required evidence in a single record?
Filter for the AzureActiveDirectoryStsLogon activity and read the IPAddress field.
Filter for the MailboxLogin activity and read the DeviceId field.
Filter for the MailItemsAccessed activity and read the ClientIP field.
Filter for the ExchangeAdmin activity and read the MailboxAccessType field.
The MailItemsAccessed activity is logged whenever any user or process opens or previews a message in an Exchange Online mailbox. Each MailItemsAccessed record contains a ClientIP property that stores the IP address from which the access occurred, allowing you to tie the item access to a specific network location. MailboxLogin events record only the act of signing in, not item access, and ExchangeAdmin or Azure AD sign-in events do not show when individual mailbox items were opened.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Microsoft Purview compliance portal used for?
Open an interactive chat with Bash
What is the MailItemsAccessed activity and why is it important?
Open an interactive chat with Bash
How does the ClientIP field help in investigations?
Open an interactive chat with Bash
Microsoft Security Operations Analyst Associate SC-200
Manage incident response
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .