🔥 3-day streak
Microsoft Security Operations Analyst110 / 190
Question 110 of 190
During investigation of a Microsoft Defender XDR incident, an analyst opens a live response session to a compromised Windows server. They locate a suspicious executable at C:\Temp\svc_update.exe and need to safely retrieve the binary so the malware team can perform static analysis in an isolated sandbox, without executing it on the server. Which live response action should the analyst use?
Reviewed for accuracy · Report an issueNext question