🔥 3-day streak
Microsoft Security Operations Analyst125 / 190
Question 125 of 190

During investigation of a multi-stage incident in Microsoft Defender XDR, an analyst finds a suspicious Base64-encoded PowerShell command that was executed on a compromised endpoint. The analyst wants to use embedded Microsoft Security Copilot to quickly understand what the obfuscated script does without manually decoding and interpreting it. Which Security Copilot capability should the analyst use?

Reviewed for accuracy · Report an issueNext question