🔥 3-day streak
Microsoft Security Operations Analyst10 / 190
Question 10 of 190

During an incident investigation, you connect a live response session to a compromised Windows server and locate a suspicious executable at C:\Temp\svc-update.exe. Before you decide whether to quarantine it, you want to submit the file to Microsoft's cloud for a deep threat verdict directly from within the live response session, without downloading it to your local machine first. Which live response command should you run?

Reviewed for accuracy · Report an issueNext question