Microsoft Security Operations Analyst Associate SC-200 Practice Question

You are investigating an incident in Microsoft Defender for Endpoint. On the Incident page you pivot to the Device timeline of the affected Windows 11 laptop. The SOC lead asks you to collect the standard investigation package from the device so that you can examine recent persistence mechanisms offline. From the Device timeline you initiate a live response session and must now run a single command that:

  • gathers the preset collection of triage artefacts (registry hives, running processes, network connections, scheduled tasks, etc.)
  • automatically uploads the resulting ZIP file to the portal for later download

Which live response command should you run?

  • collectmemory
  • getfile
  • download
  • collect

Microsoft Security Operations Analyst Associate SC-200
Manage incident response