🔥 3-day streak
Microsoft Security Operations Analyst71 / 190
Question 71 of 190

During threat hunting in Microsoft Defender XDR Advanced Hunting, you receive a threat intelligence report listing a SHA256 file hash associated with a newly observed ransomware loader. You need to identify every managed device where this exact file was created or downloaded over the past 14 days, along with the initiating process. Which single table should you query as the primary source?

Reviewed for accuracy · Report an issueNext question