🔥 3-day streak
Microsoft Security Operations Analyst108 / 190
Question 108 of 190
A Microsoft Defender XDR incident correlates alerts from Defender for Endpoint (malware on a workstation), Microsoft Defender for Office 365 (a phishing email that delivered the payload), and Entra ID Protection (a risky sign-in from the affected user account shortly afterward). Your SOC lead asks you to take the single response action that will most quickly interrupt the attacker's active use of the compromised account across cloud sessions while investigation continues. Which action should you take from the incident?
Reviewed for accuracy · Report an issueNext question