🔥 3-day streak
Microsoft Security Operations Analyst14 / 190
Question 14 of 190
During an incident investigation, you are using a live response session on a compromised Windows device. You need to safely retrieve a suspicious executable from the device's C:\Temp folder so that your malware analysis team can examine it in an isolated sandbox environment. The file must be retrieved in a way that prevents accidental execution when it is downloaded to the analyst's workstation. Which live response action should you use?
Reviewed for accuracy · Report an issueNext question