🔥 3-day streak
Microsoft Security Operations Analyst32 / 190
Question 32 of 190
During an incident, you open a compromised Windows device in Microsoft Defender for Endpoint and select 'Collect investigation package.' Your forensic analyst needs to determine which programs were configured to run automatically at startup and which scheduled tasks existed on the device at the time of collection. Which artifact within the downloaded investigation package should the analyst examine to find this information?
Reviewed for accuracy · Report an issueNext question