🔥 3-day streak
Microsoft Security Operations Analyst93 / 190
Question 93 of 190
A SOC analyst at a manufacturing firm suspects a phishing campaign led to malware execution on endpoints. They want a single Advanced Hunting query in Microsoft Defender XDR that correlates malicious emails with subsequent file activity on the recipients' devices, so they can identify which users both received the email and later ran a suspicious attachment. Which approach correctly combines the required tables?
Reviewed for accuracy · Report an issueNext question