MS-102 Manage security and threats by using Microsoft Defender XDR • Set 2
MS-102 Manage security and threats by using Microsoft Defender XDR Practice Test 2 — 15 questions with explanations.
A security analyst needs to create a custom detection rule in Microsoft Defender XDR that triggers when a user's device establishes a network connection to a known malicious IP address on a port commonly used by a specific malware. The rule must also include process information such as the filename of the process that initiated the connection. Which advanced hunting table should be the primary data source for this rule?