🔥 3-day streak
Microsoft Security Operations Analyst12 / 190
Question 12 of 190
During an active investigation, a SOC analyst identifies a suspicious executable running on an onboarded Windows device in Microsoft Defender for Endpoint. The analyst needs to retrieve the actual binary from the device for offline malware analysis in a sandbox, while the device remains online. Which action should the analyst take?
Reviewed for accuracy · Report an issueNext question