🔥 3-day streak
Microsoft 365 Administrator34 / 119
Question 34 of 119

During an active investigation, your SOC analyst identifies a suspicious executable running on an onboarded Windows workstation in Microsoft Defender for Endpoint. The analyst needs to remotely connect to the device to collect the file for forensic analysis and run commands to inspect running processes, without physically accessing the machine or waiting for the user. Which Defender for Endpoint capability should the analyst use?

Reviewed for accuracy · Report an issueNext question