Exam SC-200 topic 6 question 20 discussion

Actual exam question from Microsoft's SC-200
Question #: 20
Topic #: 6

HOTSPOT

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint Plan 2 and contains a Windows device named Device1.
You initiate a live response session on Device1 and launch an executable file named File1.exe in the background.

You need to perform the following actions:

• Identify the command ID of File1.exe.
• Interact with File1.exe.

Which live response command should you run for each action? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

rsanx42
Highly Voted 11 months, 2 weeks ago
Actually, Jobs and FG make more sense: https://learn.microsoft.com/en-us/defender-endpoint/live-response
upvoted 21 times
...
smanzana
Highly Voted 9 months, 3 weeks ago
jobs fg
upvoted 6 times
...
Optimizor_IT
Most Recent 1 month ago
jobs: In live response, background tasks (e.g., scripts or async commands) are tracked as jobs. Example: If you ran run File1.exe or a script to launch it in the background, jobs lists it with a Command ID (e.g., “Cmd_1234”). Assumption: “Background” implies a job-like execution, making jobs the best fit.
fg: Defender live response borrows from job control concepts (e.g., Unix-like fg for foreground). Example: After identifying the Command ID (e.g., Cmd_1234 from jobs), run fg Cmd_1234 to interact with File1.exe. Assumption: “Interact” means resuming control of the background process.
upvoted 2 times
...
rebecchu0731
6 months, 2 weeks ago
Copilot says the answer should be processed and fg
upvoted 1 times
rebecchu0731
6 months, 2 weeks ago
Sorry typo. Should be processes and connect. Fg is used to bring a background job to the foreground.
upvoted 1 times
...
...
g_man_rap
8 months, 3 weeks ago
Identify the command ID of File1.exe: Correct Answer: processes
The processes command lists all running processes on the device, along with their associated command IDs. This command allows you to identify the specific command ID of the File1.exe process.
Interact with File1.exe: Correct Answer: connect
The connect command is used to attach to or interact with a specific running process, such as File1.exe. Once connected, you can perform actions like viewing the process's output or sending input to it.
upvoted 2 times
g_man_rap
8 months, 3 weeks ago
reviewed: process and fg
upvoted 6 times
Cognac85
8 months, 3 weeks ago
fg - Place the specified job in the foreground, making it the current job. Note that fg takes a command ID available from jobs, not a PID. Command ID is derived from jobs while Process ID is derived from processes.
upvoted 4 times
...
...
...
rsanx42
11 months, 2 weeks ago
Correct. https://learn.microsoft.com/en-us/defender-endpoint/live-response-command-examples
upvoted 2 times
...