Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft SC-200 Exam - Topic 3 Question 85 Discussion

You have a Microsoft 365 E5 subscription that contains a device named Device 1. Device 1 is enrolled in Microsoft Defender for End point.Device1 reports an incident that includes a file named File1 exe as evidence.You initiate the Collect Investigation Package action and download the ZIP file.You need to identify the first and last time File1.exe was executed.What should you review in the investigation package?
E) Prefetch files
A) Processes
B) Scheduled tasks
C) Autoruns
D) Security event log

Microsoft SC-200 Exam - Topic 3 Question 85 Discussion

Actual exam question for Microsoft's SC-200 exam
Question #: 85
Topic #: 3
[All SC-200 Questions]

You have a Microsoft 365 E5 subscription that contains a device named Device 1. Device 1 is enrolled in Microsoft Defender for End point.

Device1 reports an incident that includes a file named File1 exe as evidence.

You initiate the Collect Investigation Package action and download the ZIP file.

You need to identify the first and last time File1.exe was executed.

What should you review in the investigation package?

Show Suggested Answer Hide Answer
Suggested Answer: E

by Norah at Sep 14, 2024, 02:56 PM

Limited Time Offer

25%

Off

Get Premium SC-200 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ora
6 months ago
Wait, I thought autoruns were the best way to track this stuff?
upvoted 0 times
...
Annita
6 months ago
Prefetch files can also give you execution info, don't forget that!
upvoted 0 times
...
Nana
7 months ago
I'm not so sure about that, what if it was a scheduled task?
upvoted 0 times
...
Major
7 months ago
Definitely, that's where all the execution data is stored!
upvoted 0 times
...
Laila
7 months ago
You should check the Security event log for execution times.
upvoted 0 times
...
Adela
7 months ago
I feel like Scheduled tasks might not be the right choice here, but I can't recall if they could show execution times. I think I’d lean towards the Security event log instead.
upvoted 0 times
...
Lucina
8 months ago
I practiced a similar question where we had to analyze processes. Maybe checking the Processes section could help us find when File1.exe was active?
upvoted 0 times
...
Elmer
8 months ago
I'm not entirely sure, but I remember something about Prefetch files being useful for tracking execution history. Could they show us the first and last run times?
upvoted 0 times
...
Bulah
8 months ago
I think we might need to look at the Security event log to find the execution times for File1.exe. That seems to be where execution events are logged.
upvoted 0 times
...
Charlene
8 months ago
This seems straightforward to me. The security event log is where Windows records application execution, so that's where I'd look to find the first and last run times for File1.exe. I'm confident that's the right approach.
upvoted 0 times
...
Regenia
8 months ago
I'm a bit confused by this question. The investigation package seems like it might have some specialized information, but I'm not sure which section would be the most relevant. I think I'll have to review the Processes, Autoruns, and Security event log to see which one provides the best information.
upvoted 0 times
...
Vanesa
8 months ago
Okay, let's think this through. The question is asking about identifying the first and last time File1.exe was executed. That sounds like it would be in the process history, so I'm going to go with Processes as my answer.
upvoted 0 times
...
Alesia
8 months ago
Hmm, I'm not sure about this one. The question mentions an investigation package, so I'm wondering if the answer might be something specific to that package, like the Processes or Autoruns sections.
upvoted 0 times
...
Cathrine
8 months ago
I think the security event log would be the best place to look for the execution times of File1.exe. The event log should have records of when the file was run.
upvoted 0 times
...
Fletcher
2 years ago
Ah, the security event log, the all-knowing, all-seeing oracle of IT. If this was a crime scene, it would be the one witness that never lies. Option D, without a doubt!
upvoted 0 times
Fernanda
2 years ago
D) Security event log
upvoted 0 times
...
Thad
2 years ago
Definitely the Security event log, it's the key to solving this mystery.
upvoted 0 times
...
Leah
2 years ago
E) Prefetch files
upvoted 0 times
...
Beckie
2 years ago
D) Security event log
upvoted 0 times
...
Willard
2 years ago
C) Autoruns
upvoted 0 times
...
Arlie
2 years ago
B) Scheduled tasks
upvoted 0 times
...
Alishia
2 years ago
A) Processes
upvoted 0 times
...
...
Gladys
2 years ago
I bet the person who came up with 'Scheduled tasks' as an option is the same one who thought Microsoft Bob was a good idea. Security event log is the way to go, my friends.
upvoted 0 times
...
Nieves
2 years ago
Hmm, let's see. Autoruns might show some interesting stuff, but for a specific file, the event log is the obvious choice. This is like security incident investigation 101.
upvoted 0 times
Darrel
2 years ago
Let's check the Security event log in the investigation package.
upvoted 0 times
...
Royce
2 years ago
Agreed, that's where we can find the first and last time File1.exe was executed.
upvoted 0 times
...
Odette
2 years ago
I think we should review the Security event log.
upvoted 0 times
...
...
Micaela
2 years ago
I believe we should also check the security event log for more information.
upvoted 0 times
...
Bulah
2 years ago
I agree with Terrilyn, processes can help us identify when File1.exe was executed.
upvoted 0 times
...
Dierdre
2 years ago
Seriously? Prefetch files? What is this, Windows XP? As if those would give you any useful info about a security incident. Option D all the way!
upvoted 0 times
Carman
2 years ago
Definitely, Security event log will provide the most accurate information about the execution of File1.exe.
upvoted 0 times
...
Ilona
2 years ago
Yeah, Security event log is more reliable for identifying when File1.exe was executed.
upvoted 0 times
...
Glendora
2 years ago
I agree, Prefetch files are outdated. Security event log is the way to go.
upvoted 0 times
...
...
Mari
2 years ago
The security event log is the way to go! If there's a file associated with an incident, the event log is where you'll find the execution details. This is a no-brainer for any security-savvy admin.
upvoted 0 times
Broderick
2 years ago
D) Security event log
upvoted 0 times
...
Chi
2 years ago
C) Autoruns
upvoted 0 times
...
Leeann
2 years ago
B) Scheduled tasks
upvoted 0 times
...
Penney
2 years ago
A) Processes
upvoted 0 times
...
...
Terrilyn
2 years ago
I think we should review the processes in the investigation package.
upvoted 0 times
...

Save Cancel