🔥 3-day streak
Microsoft Security Operations Analyst22 / 190
Question 22 of 190
During an incident in Microsoft Defender for Endpoint, you are reviewing the device timeline of a workstation flagged for a suspicious PowerShell process that beaconed to an external IP. You need to prevent the device from communicating with anything other than the Defender for Endpoint cloud service while still allowing the SOC to run live response commands and investigation packages on it. Which response action should you take on the device?
Reviewed for accuracy · Report an issueNext question