🔥 3-day streak
Microsoft Cybersecurity Architect Expert55 / 158
Question 55 of 158
A financial services company runs Microsoft Defender XDR integrated with Microsoft Sentinel. The SOC reports that analysts are overwhelmed by a high volume of low-fidelity incidents, many of which are generated when multiple correlated alerts (sign-in anomalies, suspicious inbox rules, and impossible-travel events) are surfaced as separate incidents rather than a single actionable incident. The security architect must reduce alert fatigue while preserving the ability to detect genuine multi-stage attacks. Which design approach best meets this requirement?
Reviewed for accuracy · Report an issueNext question