🔥 3-day streak
Microsoft Security Operations Analyst19 / 190
Question 19 of 190

During an active investigation, a SOC analyst suspects that a compromised Windows workstation (already onboarded to Microsoft Defender for Endpoint) is beaconing to a command-and-control server. The analyst needs to view the current active TCP/IP connections and listening ports on the live device to confirm the suspicious outbound session before deciding whether to isolate it. The analyst has an active Live Response session on the device. Which action provides the fastest way to obtain this information directly from the live endpoint?

Reviewed for accuracy · Report an issueNext question