Exam SC-200
Question 260

HOTSPOT

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint and contains a Windows device named Device1.

You need to investigate a suspicious executable file detected on Device1. The solution must meet the following requirements:

• Identify the image file path of the file.

• Identify when the file was first detected on Device1.

What should you review from the timeline of the detection event? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

Discussion
laddu001

To identify the image file path: Review the Event entities graph. This graph will display the relationships and interactions involving the file, including the full image file path. By examining the graph, you can trace the file’s creation and its path on Device1.

To identify when the file was first detected: Open the file page from Entities. This page provides detailed information about the file, including the timestamp of when the file was first detected on Device1. You can access this information directly from the entities list related to the detection event.

wheeldj

These answers are the wrong way round.

To identify the image file path -> Event entities graph

To identify when the file was first seen -> open the file page from Entities

Simboti

Can you share the link, please?

Hawklx

The Event entities graph can also be useful for visualizing the relationships between different entities related to the alert. However, it might not directly show the image file path.

Hawklx

Actually, I was wrong; the order is as others suggested.

Avaris

Here is the answer from Copilot, which makes this answer correct:

Based on the information provided in the image, to investigate a suspicious executable file detected on Device1 and meet the requirements:

To identify the image file path of the file, you should review the Entities from the timeline of the detection event.

To identify when the file was first detected on Device1, you should review the Event entities graph from the timeline of the detection event.

These options will provide the necessary details about the suspicious file’s location on the device and the timeline of its detection, which are crucial for a thorough investigation. Always ensure to verify such information from trusted sources or directly from the service provider for security reasons. If you have any further questions or need additional assistance, feel free to ask!