SC-200 - Respond to Security Incidents - Section 2.4
Investigate complex attacks, including multi-stage, multi-domain, and lateral movement scenarios.
Analyse multi-stage, multi-domain incidents by reading the incident graph and attack story in Microsoft Defender XDR to reconstruct attacker progression and lateral movement paths. Use correlated alerts across Defender workloads to distinguish individual alert noise from a coordinated attack chain and prioritise containment.
multi-stage attacks, multi-domain incidents, lateral movement, incident graph and attack story, correlated alerts across Microsoft Defender XDR
Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.