SC-200 Perform threat hunting • Set 13
SC-200 Perform threat hunting Practice Test 13 — 15 questions with explanations. Free, no signup.
During a threat hunt, you discover a PowerShell script that downloads and executes a payload from a remote server. Which Microsoft Defender for Endpoint action type would most likely capture this behavior in DeviceEvents?