Microsoft Security Operations Analyst Associate SC-200 Practice Question
You are investigating several high-severity Microsoft Purview Data Loss Prevention (DLP) alerts that all involve the same user account. Evidence indicates that the account is compromised and is still attempting to exfiltrate sensitive information. From the User page in Microsoft 365 Defender, you need to take an immediate action that blocks the account in Microsoft Entra ID so that no new sign-in attempts can succeed while you continue gathering evidence. Which response action should you choose?
Require the user to change the password at the next sign-in.
Run a Microsoft Purview content search to locate additional sensitive files.
Add the user's mailbox to the Exchange Online restricted users list to block outbound email.
Disable the user account to block all new sign-in requests until it is re-enabled.
Choosing the Disable user response action on the User page sends a request to Microsoft Entra ID to set the account's sign-in status to blocked. This prevents any new authentication attempts until the account is re-enabled. Note that existing sessions can continue until their tokens expire or are revoked separately, but disabling the user is still the fastest way from Microsoft 365 Defender to stop additional sign-ins. Requiring a password change does not end current sessions, a content search only collects evidence, and placing the mailbox on the Restricted Users list affects email flow but does not stop the user from accessing other Microsoft 365 services.
Manage incident response