Q: 2
You need to receive a security alert when a user attempts to sign in from a location that was never
used by the other users in your organization to sign in.
Which anomaly detection policy should you use?
Options
Discussion
Makes sense to go with C. The "infrequent country" detection catches when a location is new for the org, not just a user. Not 100 percent sure but fits what the question asks for.
Option C is the one. "Impossible travel" (A) checks for impossible timing between two locations, but not necessarily if the country was never accessed by anyone before. The question wants an org-wide anomaly, so C fits better. Seen this tripped up in similar MS practice sets.
I don’t think it’s A. B is more about anonymous IPs, not new locations. A (Impossible travel) focuses on impossible transit between sign-ins, so it doesn’t quite match the org-wide "never used" requirement.
Had something like this in a mock, pretty sure C is right. "Activity from infrequent country" flags when nobody in the org has signed in from that location before. A is more about impossible user travel, not new org-wide locations. Agree?
C for this one. "Activity from infrequent country" specifically alerts when nobody in the org has signed in from that spot before. Pretty sure that's what they're asking about here, not individual user travel like in A. Anyone see evidence for a different option?
C tbh. A is a common trap here, but Impossible travel is about impossible timing for logins, not new org-wide locations. C fits since it's flagged when no one in the org has signed in from that place before. Think that's right but open to other takes.
C or A? I get why folks pick C since that's triggered by a sign-in from a country the org hasn't seen before. But A (Impossible travel) does flag jumps, though it's more about user behavior than org-wide patterns. I'm leaning C, but not 100% sure if Impossible travel can ever alert here too.
A (Impossible travel) makes more sense to me since it's all about detecting sign-ins from unexpected locations, even if they're just new for the user. Don't think "infrequent country" is the right trigger for this one.
C tbh, official docs and practice exams both mention "infrequent country" for this org-wide scenario.
Probably C
Be respectful. No spam.
