
Exam SC-200 topic 6 question 7 discussion

Actual exam question from Microsoft's SC-200
Question #: 7
Topic #: 6

HOTSPOT

You have a Microsoft 365 subscription that uses Microsoft Defender XDR and contains a Windows device named Device1.

You investigate a suspicious process named Prod on Device1 by using a live response session.

You need to perform the following actions:

• Stop Prod.
• Send Prod for further review.

Which live response command should you run for each action? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

nzxt610
Highly Voted 11 months, 3 weeks ago
Correct: https://learn.microsoft.com/en-us/defender-endpoint/live-response#live-response-commands
upvoted 9 times
g_man_rap
Highly Voted 8 months ago
Stop Proc1: Select: remediate
Reason: The remediate command in Microsoft Defender XDR is used to stop a process or remediate a threat. This is the appropriate command to stop the suspicious process named Prod.

Send Proc1 for further review: Select: getfile
Reason: The getfile command is used to collect a file or process for further analysis. This command is appropriate when you want to send the process or its related files for further review.
upvoted 8 times
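A practical companion to the remediate/getfile answer, added here as an example (it is not from the page, the exam, or Microsoft's own documentation): capture the process's image path and hash before running remediate, because the live response command reference describes remediate on a process as stopping it and deleting its image file, which would leave nothing for getfile to fetch afterwards. The script below is intended to be uploaded with `library put` and executed with `run` (see the live response docs for run's parameter syntax); the process name `Prod`, the parameter name and the output fields are assumptions for illustration. It only collects evidence; stopping the process is left to remediate.

```powershell
# Added example, not code from the page or from Microsoft.
# Collects identification data for a named process so its image can be
# pulled with `getfile` before `remediate process <pid>` stops it and
# removes the image file. Run via live response `run` after `library put`.
param(
    [Parameter(Mandatory = $true)]
    [string]$ProcessName   # assumed value for this thread: "Prod"
)

# Win32_Process.Name normally carries the extension, so accept either form.
$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -eq $ProcessName -or $_.Name -eq "$ProcessName.exe" }

if (-not $procs) {
    Write-Output "No process named '$ProcessName' found."
    return
}

foreach ($p in $procs) {
    $path = $p.ExecutablePath
    $hash = $null

    # Hash the on-disk image now; after remediate the file may be gone.
    if ($path -and (Test-Path -LiteralPath $path)) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }

    # One record per matching process; ExecutablePath is what getfile needs.
    [pscustomobject]@{
        ProcessId      = $p.ProcessId
        ParentId       = $p.ParentProcessId
        Name           = $p.Name
        ExecutablePath = $path
        CommandLine    = $p.CommandLine
        Sha256         = $hash
        CreationDate   = $p.CreationDate
    }
}
```

Feed the ExecutablePath it reports to getfile, keep the SHA256 with the case notes, and only then run remediate against the process ID. If the process has no ExecutablePath (for example an in-memory-only image), the hash stays empty and the analyst knows a memory capture rather than a file pull is needed.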
Adel614
Most Recent 1 week ago
Be careful here, PROC1 is not a file, but a process. It doesn't make any sense to download a process: a process is a computer program being executed. Therefore, the answer is:
1. remediate
2. analyze
Refs:
- https://learn.microsoft.com/en-us/defender-endpoint/live-response
- https://learn.microsoft.com/en-us/defender-endpoint/live-response-command-examples#analyze
upvoted 1 times
Optimizor_IT
1 week, 5 days ago
Remediate and getfile.
upvoted 1 times
Onimole
1 month, 1 week ago
2nd tab is getfile. "Get a file from the device: For scenarios when you'd like to get a file from a device you're investigating, you can use the getfile command. This allows you to save the file from the device for further investigation." https://learn.microsoft.com/en-us/defender-endpoint/live-response#live-response-commands
upvoted 1 times
sapphire
5 months, 1 week ago
Correct answers provided.
upvoted 1 times
smanzana
8 months, 3 weeks ago
Remediate Getfile
upvoted 3 times
smosmo
10 months, 2 weeks ago
Might be getfile for the 2nd as well... analyze will check a file but not send it, right?
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other