SC-200 • Mock Exam 81
Free SC-200 mock exam — 25 questions with explanations. Set 81. No signup required.
During a threat hunt, you identify a suspicious process execution chain in Microsoft Defender for Endpoint: `powershell.exe` spawned `cmd.exe`, which then executed `rundll32.exe`. To investigate the parent-child relationships, which KQL statement should you use in Advanced Hunting?