🔥 3-day streak
Microsoft Security Operations Analyst11 / 190
Question 11 of 190
A high-severity incident in Microsoft Defender XDR involves a suspicious executable that ran on a Windows workstation. Automated investigation has already completed, and the Investigation graph shows the entity was classified with a verdict of 'No threats found'. However, as the SOC analyst you have external threat intelligence indicating this exact file hash is a newly weaponized loader. You need to force remediation on the affected device without waiting for a new automated investigation to trigger. Which action should you take first?
Reviewed for accuracy · Report an issueNext question