🔥 3-day streak
Microsoft Security Operations Analyst26 / 190
Question 26 of 190

During an active incident in Microsoft Defender for Endpoint, a SOC analyst identifies a persistence mechanism on an onboarded Windows server: a malicious scheduled task that re-downloads a payload. The analyst wants to remediate the task on the live device without waiting for a full reimage, using a PowerShell script that the SOC team has already validated and stored centrally so it can be reused across future live response sessions. Which action allows the analyst to execute this pre-approved script during a live response session?

Reviewed for accuracy · Report an issueNext question