
Exam SC-200 All Questions

Microsoft Certified: Security Operations Analyst Associate SC-200 Question # 27 Topic 3 Discussion

SC-200 Exam Topic 3 Question 27 Discussion:
Question #: 27
Topic #: 3

You have a Microsoft 365 E5 subscription that contains a device named Device1. Device1 is enrolled in Microsoft Defender for Endpoint.

Device1 reports an incident that includes a file named File1.exe as evidence.

You initiate the Collect Investigation Package action and download the ZIP file.

You need to identify the first and last time File1.exe was executed.

What should you review in the investigation package?


A. Processes

B. Scheduled tasks

C. Autoruns

D. Security event log

E. Prefetch files

