SC-200 • Practice Exam 61
Free SC-200 practice exam — 20 questions with explanations. Set 61. No signup required.
You are investigating a potential malicious PowerShell execution in Microsoft Defender for Endpoint using this KQL query in Advanced Hunting. The query returns no results. What is the most likely cause?
Refer to the exhibit.

```kql
// KQL query from Microsoft Sentinel
DeviceEvents
| where Timestamp > ago(7d)
| where ActionType == "ProcessCreated"
| where InitiatingProcessFileName == "powershell.exe"
| where ProcessCommandLine has "-EncodedCommand"
| project Timestamp, DeviceName, FileName, ProcessCommandLine
| take 100
```