🔥 3-day streak
Microsoft Security Operations Analyst80 / 190
Question 80 of 190
You are hunting for a suspected pass-the-hash attack in Microsoft Defender XDR Advanced Hunting. You need to identify interactive and network logons that occurred directly on onboarded Windows endpoints, including the logon type and the account used, so you can pivot on lateral movement between managed devices. Which table should you query?
Reviewed for accuracy · Report an issueNext question