🔥 3-day streak
Microsoft Security Operations Analyst75 / 190
Question 75 of 190
A threat analyst in Microsoft Defender XDR Advanced Hunting must confirm whether a suspicious executable that appeared on several endpoints was actually launched by a user or process — not merely written to disk. Which table should the analyst query to establish that the file was executed with its command line and initiating parent process?
Reviewed for accuracy · Report an issueNext question