🔥 3-day streak
Microsoft Security Operations Analyst23 / 190
Question 23 of 190
During an active incident, a Defender for Endpoint device timeline shows a suspicious unsigned binary launching PowerShell repeatedly on a critical file server. Your SOC lead does not want to fully isolate the server because it hosts a business-critical database that other systems depend on, but wants to stop any untrusted, unsigned executables from running while the investigation continues. Which single Defender for Endpoint response action best meets this requirement?
Reviewed for accuracy · Report an issueNext question