Valid 212-89 Dumps shared by EduDump.com for Helping Passing 212-89 Exam! EduDump.com now offer the newest 212-89 exam dumps, the EduDump.com 212-89 exam questions have been updated and answers have been corrected get the newest EduDump.com 212-89 dumps with Test Engine here:
An Azure administrator discovers unauthorized access to a storage account containing sensitive documents. The initial investigation suggests compromised credentials. In response to this incident, what should be the administrator's first action to secure the account?
Correct Answer: B
Comprehensive and Detailed Explanation (ECIH-aligned): This incident indicates credential compromise, a common cloud security issue addressed in the ECIH Cloud Incident Handling module. When credentials are suspected to be compromised, the immediate priority is to stop unauthorized access and determine the scope of misuse. Option B is correct because resetting the compromised credentials immediately cuts off the attacker's access. Reviewing recent access logs allows responders to validate what actions were taken, which data was accessed, and whether additional accounts were affected. ECIH emphasizes immediate credential revocation as a first- response action in identity-based cloud incidents. Option D (enabling MFA) is a critical hardening measure but does not immediately revoke compromised credentials. Option A is a recovery step that may not stop ongoing access. Option C may be necessary later but should not delay immediate containment. Therefore, resetting credentials and reviewing logs is the most effective first action, fully aligned with ECIH guidance.