Microsoft Exam SC-200 Topic 3 Question 85 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 85
Topic #: 3

You have a Microsoft 365 E5 subscription that contains a device named Device1. Device1 is enrolled in Microsoft Defender for Endpoint.

Device1 reports an incident that includes a file named File1.exe as evidence.

You initiate the Collect Investigation Package action and download the ZIP file.

You need to identify the first and last time File1.exe was executed.

What should you review in the investigation package?

Suggested Answer: E

Contribute your Thoughts:

Fletcher
2 months ago
Ah, the security event log, the all-knowing, all-seeing oracle of IT. If this was a crime scene, it would be the one witness that never lies. Option D, without a doubt!
upvoted 0 times
Fernanda
21 days ago
D) Security event log
upvoted 0 times
...
Thad
22 days ago
Definitely the Security event log, it's the key to solving this mystery.
upvoted 0 times
...
Leah
24 days ago
E) Prefetch files
upvoted 0 times
...
Beckie
26 days ago
D) Security event log
upvoted 0 times
...
Willard
1 months ago
C) Autoruns
upvoted 0 times
...
Arlie
1 months ago
B) Scheduled tasks
upvoted 0 times
...
Alishia
1 months ago
A) Processes
upvoted 0 times
...
...
Gladys
2 months ago
I bet the person who came up with 'Scheduled tasks' as an option is the same one who thought Microsoft Bob was a good idea. Security event log is the way to go, my friends.
upvoted 0 times
...
Nieves
2 months ago
Hmm, let's see. Autoruns might show some interesting stuff, but for a specific file, the event log is the obvious choice. This is like security incident investigation 101.
upvoted 0 times
Darrel
1 months ago
Let's check the Security event log in the investigation package.
upvoted 0 times
...
Royce
2 months ago
Agreed, that's where we can find the first and last time File1.exe was executed.
upvoted 0 times
...
Odette
2 months ago
I think we should review the Security event log.
upvoted 0 times
...
...
Micaela
2 months ago
I believe we should also check the security event log for more information.
upvoted 0 times
...
Bulah
3 months ago
I agree with Terrilyn, processes can help us identify when File1.exe was executed.
upvoted 0 times
...
Dierdre
3 months ago
Seriously? Prefetch files? What is this, Windows XP? As if those would give you any useful info about a security incident. Option D all the way!
upvoted 0 times
Carman
2 months ago
Definitely, Security event log will provide the most accurate information about the execution of File1.exe.
upvoted 0 times
...
Ilona
2 months ago
Yeah, Security event log is more reliable for identifying when File1.exe was executed.
upvoted 0 times
...
Glendora
2 months ago
I agree, Prefetch files are outdated. Security event log is the way to go.
upvoted 0 times
...
...
Mari
3 months ago
The security event log is the way to go! If there's a file associated with an incident, the event log is where you'll find the execution details. This is a no-brainer for any security-savvy admin.
upvoted 0 times
Broderick
2 months ago
D) Security event log
upvoted 0 times
...
Chi
2 months ago
C) Autoruns
upvoted 0 times
...
Leeann
2 months ago
B) Scheduled tasks
upvoted 0 times
...
Penney
2 months ago
A) Processes
upvoted 0 times
...
...
Terrilyn
3 months ago
I think we should review the processes in the investigation package.
upvoted 0 times
...
