
Exam SC-200 All Questions

Microsoft Certified: Security Operations Analyst Associate SC-200 Question # 26 Topic 3 Discussion

SC-200 Exam Topic 3 Question 26 Discussion:
Question #: 26
Topic #: 3

You have 1,000 on-premises Windows 11 Pro devices that are onboarded to Microsoft Defender for Endpoint. You have a Microsoft 365 subscription that uses Microsoft Defender XDR. You identify that an attacker performed the following actions on a device:

• Modified the file system path of a registry-based antivirus exclusion

• Downloaded a malicious file to the file system path

You initiate a live response session on the device. You need to undo the registry change. Which command should you run?


A. analyze

B. registry

C. remediate

D. scan

