🔥 3-day streak
Microsoft Security Operations Analyst52 / 190
Question 52 of 190
During an incident investigation in Microsoft Defender XDR, you determine that several users received a phishing email containing a URL that was initially rated as clean but was later confirmed malicious after delivery. You need to confirm whether any user actually clicked the link and, if so, block future clicks on that URL organization-wide without waiting for a new email campaign. Which action best meets both requirements?
Reviewed for accuracy · Report an issueNext question