🔥 3-day streak
Microsoft Security Operations Analyst34 / 190
Question 34 of 190

During an incident investigation, you open the device timeline for a compromised workstation in Microsoft Defender for Endpoint. You notice an executable named 'svc_update.exe' launched shortly before the alert fired. Before deciding on a remediation action, you want to quickly determine whether this file is rare across your organization or widely deployed as part of legitimate software. Which piece of information in the file's page should you review first?

Reviewed for accuracy · Report an issueNext question