Q: 2
You need to receive a security alert when a user attempts to sign in from a location that was never
used by the other users in your organization to sign in.
Which anomaly detection policy should you use?
Options
Discussion
Option C is the one. "Impossible travel" (A) checks for impossible timing between two locations, but not necessarily if the country was never accessed by anyone before. The question wants an org-wide anomaly, so C fits better. Seen this tripped up in similar MS practice sets.
C or A? I get why folks pick C since that's triggered by a sign-in from a country the org hasn't seen before. But A (Impossible travel) does flag jumps, though it's more about user behavior than org-wide patterns. I'm leaning C, but not 100% sure if Impossible travel can ever alert here too.
C for this one. It matches the scenario since it looks for sign-ins from countries not used before by anyone in the org. Pretty sure that's what MS wants here.
Be respectful. No spam.
