🔥 3-day streak
Microsoft Security Operations Analyst75 / 190
Question 75 of 190

A threat analyst in Microsoft Defender XDR Advanced Hunting must confirm whether a suspicious executable that appeared on several endpoints was actually launched by a user or process — not merely written to disk. Which table should the analyst query to establish that the file was executed with its command line and initiating parent process?

Reviewed for accuracy · Report an issueNext question