SC-200 Question #434: Real Exam Question with Answer & Explanation
Answer
D: remediate
Question
You have 1,000 on-premises Windows 11 Pro devices that are onboarded to Microsoft Defender for Endpoint. You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You identify that an attacker performed the following actions on a device:
- Modified the file system path of a registry-based antivirus exclusion
- Downloaded a malicious file to the file system path
You initiate a live response session on the device. You need to remove the malicious file. Which command should you run?
Options
- A. collect
- B. getfile
- C. undo
- D. remediate
Explanation
Advanced commands: the following commands are available for user roles that are granted the ability to run advanced live response commands.
remediate: remediates an entity on the device. The remediation action varies, depending on the entity type:
- Process: stop, delete image file
- Service: stop, delete image file
- Registry entry: delete
- Scheduled task: remove
- Startup folder item: delete file
Of the other options, getfile only retrieves a copy of a file from the device for analysis, and undo reverts an entity that was previously remediated; neither removes the malicious file.
Source: https://learn.microsoft.com/en-us/defender-endpoint/live-response
Community Discussion
No community discussion yet for this question.