Exam SC-200 topic 6 question 10 discussion

Actual exam question from Microsoft's SC-200
Question #: 10
Topic #: 6

HOTSPOT

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a Windows device named Device1.

You initiated a live response session on Device1.

You need to run a command that will download a 250-MB file named File1.exe from the live response library to Device1. The solution must ensure that File1.exe is downloaded as a background process.

How should you complete the live response command? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Comments

rsanx42
Highly Voted 11 months, 1 week ago
1. putfile
2. &
putfile - Puts a file from the library to the device. Files are saved in a working folder and are deleted when the device restarts by default.
https://learn.microsoft.com/en-us/defender-endpoint/live-response#live-response-commands
upvoted 10 times
user636
Most Recent 8 months, 1 week ago
Another vague question it seems.
putfile command will download the file from the "live response Library" to Device (The "device" here is the one with which you are connected via live response session.)
getfile command will download a file from the Device. The "device" here is the one with which you are connected via live response session.
Interestingly, as per the docs only the "getfile" command supports the background downloading. I did not see this mentioned for the "putfile" command.
Ref: https://learn.microsoft.com/en-us/defender-endpoint/live-response#basic-commands
upvoted 3 times
g_man_rap
8 months, 2 weeks ago
getfile: This is the correct command to use in the Microsoft Defender for Endpoint's live response session when you want to download a file from the library to the target device. The getfile command is specifically designed for retrieving files from the library to the device.
&: The & symbol is used to indicate that the file download should be executed as a background process. This ensures that the command runs asynchronously, allowing other processes to continue without waiting for the file download to complete.
upvoted 2 times
talosDevbot
7 months ago
getfile is a command you, as a SOC analyst/investigator, use to collect a file from the target device. This is useful if you want to further investigate that file.
putfile is the correct answer.
upvoted 1 times
smanzana
9 months, 1 week ago
1) putfile 2) &
upvoted 2 times
4b097e5
9 months, 3 weeks ago
Correct answer: Here is the command
getfile "C:\windows\some_file.exe" &
(Starts downloading a file named some_file.exe in the background)
https://learn.microsoft.com/en-us/defender-endpoint/live-response#put-a-file-in-the-library
upvoted 2 times
smosmo
12 months ago
PUTFILE is correct:
PutFile: Puts a file from the library to the device. Files are saved in a working folder and are deleted when the device restarts by default.
GetFile: Collect file from a device.
upvoted 3 times
nzxt610
1 year ago
Correct: https://learn.microsoft.com/en-us/defender-endpoint/live-response#download-a-file-in-the-background
upvoted 4 times
wheeldj
1 year ago
These answers should be:
1. Putfile - this command is used to download a file from the library to the device
2. & to make this a background task
You have an Azure subscription that contains a user named User1 and a Microsoft Sentinel workspace named WS1. WS1 uses Microsoft Defender for Cloud. You have the Microsoft security analytics rules shown in the following table. User1 performs an action that matches Rule1, Rule2, Rule3, and Rule4.
https://learn.microsoft.com/en-us/defender-endpoint/live-response#advanced-commands
upvoted 3 times
wheeldj
1 year ago
Oops!! Cut and paste error in the above comment! My bad! Should read as below:
These answers should be:
1. Putfile - this command is used to download a file from the library to the device
2. & to make this a background task
https://learn.microsoft.com/en-us/defender-endpoint/live-response#advanced-commands
upvoted 9 times