Your organization is leveraging Microsoft 365 and has recently identified a potential insider threat. The security team is tasked with investigating and mitigating this threat effectively. The organization operates in a highly regulated industry, requiring strict compliance with data protection laws. Additionally, the solution must minimize operational disruption and ensure scalability to handle potential future incidents. Given these constraints, which of the following steps should be prioritized to address the insider threat comprehensively? (Choose the best single option)

Simulated

Immediately revoke all access privileges of the suspected insider to prevent any further potential damage, without conducting an initial analysis to avoid delays.

0.0%

Deploy an advanced threat protection solution across all Microsoft 365 services to monitor and analyze user activities and access patterns, ensuring compliance with data protection laws.

0.0%

Conduct a thorough investigation to determine the scope and impact of the insider threat, including identifying the compromised data or resources, while ensuring minimal operational disruption.

0.0%

Notify relevant stakeholders, including management, legal, and HR teams, before any investigation or mitigation steps are taken to ensure all actions are legally compliant.

0.0%

All of the above.

100.0%

Microsoft Cybersecurity Architect Expert SC-100

Comments

Get started today