Which anomaly detection policy should you use?

You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.

Which anomaly detection policy should you use?
A . Impossible travel
B . Activity from anonymous IP addresses
C . Activity from infrequent country
D . Malware detection

Answer: C

Explanation:

Activity from a country/region that could indicate malicious activity. This policy profiles your environment and triggers alerts when activity is detected from a location that was not recently or was never visited by any user in the organization. Activity from the same user in different locations within a time period that is shorter than the expected travel time between the two locations. This can indicate a credential breach, however, it’s also possible that the user’s actual location is masked, for example, by using a VPN.

Reference: https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

Latest SC-200 Dumps Valid Version with 75 Q&As

Latest And Valid Q&A | 90 Days Free Update | Once Fail, Full Refund

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>