🔥 3-day streak
Microsoft Security Operations Analyst65 / 190
Question 65 of 190
During an incident investigation in Microsoft Defender XDR, you determine that a compromised service principal may have programmatically queried directory objects and mailbox metadata through the Microsoft Graph API. You need to identify exactly which Graph API endpoints the application called, the HTTP methods used, and the timestamps of each request to scope the blast radius. Which data source should you query?
Reviewed for accuracy · Report an issueNext question