
Answer-first summary for fast verification
Answer: Implement a combination of monitoring user activities, conducting a thorough investigation, and applying targeted containment and mitigation measures, such as revoking specific access privileges or isolating affected systems, while notifying relevant stakeholders to ensure compliance and business continuity.
Option D is the most comprehensive and effective approach. It balances the need for immediate action with the importance of understanding the scope of the threat, ensuring compliance with data protection laws, and minimizing operational disruption. By combining monitoring, investigation, and targeted mitigation, the organization can address the threat effectively while maintaining business continuity and adhering to regulatory requirements. Options A, B, and C each address parts of the solution but fail to provide a complete approach that meets all the organization's constraints.
Author: LeetQuiz Editorial Team
Your organization is using Microsoft 365 and has recently identified a potential data exfiltration attempt. The security team is tasked with investigating and mitigating this threat. The organization operates in a highly regulated industry, requiring strict compliance with data protection laws. Additionally, the solution must minimize operational disruption and ensure business continuity. Given these constraints, which of the following steps should be taken to effectively investigate and mitigate the threat? (Choose the best single option)
A. Immediately revoke all user access privileges to prevent further data loss, without analyzing the situation, to ensure compliance with data protection laws.
B. Monitor and analyze user activities and access patterns using Microsoft 365's built-in security tools to identify potential data exfiltration activities, ensuring minimal operational disruption.
C. Conduct a thorough investigation to determine the scope and impact of the data exfiltration attempt, including identifying the compromised data or resources, but delay any mitigation actions until the investigation is complete to avoid unnecessary operational disruptions.
D. Implement a combination of monitoring user activities, conducting a thorough investigation, and applying targeted containment and mitigation measures, such as revoking specific access privileges or isolating affected systems, while notifying relevant stakeholders to ensure compliance and business continuity.
E. All of the above.