A device shows suspicious behavior, and the responder must inspect artifacts and run approved remote investigation commands without physically accessing the machine. Which action should the responder take first?
More Respond to security incidents Questions
73 questions
Full Microsoft Certified: Security Operations Analyst Associate Practice Test
All topics covered
All Microsoft Certified: Security Operations Analyst Associate Questions
Browse by topic
Related Questions
Which Microsoft Purview capability is used to investigate user and admin activities across Microsoft...
In Microsoft Defender for Endpoint, which feature shows a chronological record of activity on a devi...
Which Defender for Endpoint capability allows an analyst to open an interactive remote session on a ...
A security analyst needs to investigate compromised identities detected by Microsoft services. Which...
What is the primary purpose of case management during a security investigation?...
Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor. Learn more about our content policy
Discussion
Be the first to share your understanding of this concept
Sign in to join the discussion