
Microsoft Exam SC-200 Topic 3 Question 85 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 85
Topic #: 3

You have a Microsoft 365 E5 subscription that contains a device named Device1. Device1 is enrolled in Microsoft Defender for Endpoint.

Device1 reports an incident that includes a file named File1.exe as evidence.

You initiate the Collect Investigation Package action and download the ZIP file.

You need to identify the first and last time File1.exe was executed.

What should you review in the investigation package?

Suggested Answer: E

Contribute your Thoughts:

Fletcher
24 days ago
Ah, the security event log, the all-knowing, all-seeing oracle of IT. If this was a crime scene, it would be the one witness that never lies. Option D, without a doubt!
upvoted 0 times
Willard
1 day ago
C) Autoruns
upvoted 0 times
...
Arlie
2 days ago
B) Scheduled tasks
upvoted 0 times
...
Alishia
12 days ago
A) Processes
upvoted 0 times
...
...
Gladys
1 month ago
I bet the person who came up with 'Scheduled tasks' as an option is the same one who thought Microsoft Bob was a good idea. Security event log is the way to go, my friends.
upvoted 0 times
...
Nieves
1 month ago
Hmm, let's see. Autoruns might show some interesting stuff, but for a specific file, the event log is the obvious choice. This is like security incident investigation 101.
upvoted 0 times
Darrel
8 days ago
Let's check the Security event log in the investigation package.
upvoted 0 times
...
Royce
18 days ago
Agreed, that's where we can find the first and last time File1.exe was executed.
upvoted 0 times
...
Odette
21 days ago
I think we should review the Security event log.
upvoted 0 times
...
...
Micaela
2 months ago
I believe we should also check the security event log for more information.
upvoted 0 times
...
Bulah
2 months ago
I agree with Terrilyn, processes can help us identify when File1.exe was executed.
upvoted 0 times
...
Dierdre
2 months ago
Seriously? Prefetch files? What is this, Windows XP? As if those would give you any useful info about a security incident. Option D all the way!
upvoted 0 times
Carman
21 days ago
Definitely, Security event log will provide the most accurate information about the execution of File1.exe.
upvoted 0 times
...
Ilona
1 month ago
Yeah, Security event log is more reliable for identifying when File1.exe was executed.
upvoted 0 times
...
Glendora
1 month ago
I agree, Prefetch files are outdated. Security event log is the way to go.
upvoted 0 times
...
...
Mari
2 months ago
The security event log is the way to go! If there's a file associated with an incident, the event log is where you'll find the execution details. This is a no-brainer for any security-savvy admin.
upvoted 0 times
Broderick
1 month ago
D) Security event log
upvoted 0 times
...
Chi
1 month ago
C) Autoruns
upvoted 0 times
...
Leeann
1 month ago
B) Scheduled tasks
upvoted 0 times
...
Penney
2 months ago
A) Processes
upvoted 0 times
...
...
Terrilyn
2 months ago
I think we should review the processes in the investigation package.
upvoted 0 times
...
