🔥 3-day streak
Microsoft Security Operations Analyst28 / 190
Question 28 of 190
During an active investigation in Microsoft Defender for Endpoint, you open a live response session to a compromised Windows workstation. Using the device timeline, you identify a suspicious running process named 'svch0st.exe' that is beaconing to a known malicious IP. You need to immediately terminate the running malicious process AND remove its executable from disk during the same live response session, without isolating the device (network isolation is being handled separately). Which sequence of live response commands accomplishes this?
Reviewed for accuracy · Report an issueNext question