You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.
Which anomaly detection policy should you use?
A . Impossible travel
B . Activity from anonymous IP addresses
C . Activity from infrequent country
D . Malware detection
Activity from a country/region that could indicate malicious activity. This policy profiles your environment and triggers alerts when activity is detected from a location that was not recently or was never visited by any user in the organization. Activity from the same user in different locations within a time period that is shorter than the expected travel time between the two locations. This can indicate a credential breach, however, it’s also possible that the user’s actual location is masked, for example, by using a VPN.