🔥 3-day streak
Microsoft Security Operations Analyst106 / 190
Question 106 of 190
A SOC analyst is investigating a Microsoft Defender XDR incident that includes an alert triggered when an account named 'svc-backup-legacy' authenticated from an unusual workstation. The account was intentionally created by the security team as a deception lure with no legitimate use. The analyst wants any future authentication activity involving this account to be automatically flagged as high-priority and clearly identified as deception-related across investigations. Which action best supports this goal in Microsoft Defender XDR / Defender for Identity?
Reviewed for accuracy · Report an issueNext question