🔥 3-day streak
Microsoft Security Operations Analyst130 / 190
Question 130 of 190

A SOC analyst is investigating a suspected illicit consent grant attack. An Entra ID alert indicates a user consented to a newly registered third-party application that then began enumerating mailbox contents through the Microsoft Graph API. The analyst needs to confirm exactly which Graph API endpoints the application called and the timestamps of those calls, on behalf of the compromised user, to scope the data accessed. Which data source should the analyst query to obtain this detail?

Reviewed for accuracy · Report an issueNext question