Microsoft Security Operations Analyst Associate SC-200 Practice Question
While investigating an incident in Microsoft Defender for Endpoint, you locate a suspicious executable on an onboarded Windows 11 device. You need to obtain a copy of that specific file for deeper offline analysis without interrupting the user. Which Defender for Endpoint capability should you use to retrieve the file securely from the remote device?
Collect an investigation package from the device.
Initiate a full Microsoft Defender Antivirus scan from the portal.
Start a live response session and run the getfile command to download the executable.
Isolate the device from the network to create a snapshot that includes the file.
The Live response feature lets analysts open an interactive command-line session to the affected device. During that session you can run the getfile command, which securely transfers a requested file (up to the configured size limit) to the Microsoft Defender portal for download and analysis. A full antivirus scan or isolating the device does not provide a copy of the file, and an investigation package only gathers predefined forensic artifacts such as logs, registry hives, and memory dumps-not arbitrary files chosen by the analyst.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a live response session in Microsoft Defender for Endpoint?
Open an interactive chat with Bash
What is the purpose of the getfile command in Microsoft Defender for Endpoint?
Open an interactive chat with Bash
How does an investigation package differ from the getfile command?
Open an interactive chat with Bash
Microsoft Security Operations Analyst Associate SC-200
Manage incident response
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .