Your organization is using Microsoft 365 and has recently identified a potential data exfiltration attempt. The security team is tasked with investigating and mitigating this threat. The organization operates in a highly regulated industry, requiring strict compliance with data protection laws. Additionally, the solution must minimize operational disruption and ensure business continuity. Given these constraints, which of the following steps should be taken to effectively investigate and mitigate the threat? (Choose the best single option)

Simulated

Immediately revoke all user access privileges to prevent further data loss, without analyzing the situation, to ensure compliance with data protection laws.

0.0%

Monitor and analyze user activities and access patterns using Microsoft 365's built-in security tools to identify potential data exfiltration activities, ensuring minimal operational disruption.

0.0%

Conduct a thorough investigation to determine the scope and impact of the data exfiltration attempt, including identifying the compromised data or resources, but delay any mitigation actions until the investigation is complete to avoid unnecessary operational disruptions.

0.0%

Implement a combination of monitoring user activities, conducting a thorough investigation, and applying targeted containment and mitigation measures, such as revoking specific access privileges or isolating affected systems, while notifying relevant stakeholders to ensure compliance and business continuity.

0.0%

All of the above.

100.0%

Microsoft Cybersecurity Architect Expert SC-100

Get started today

Comments