SC-200 Perform threat hunting • Set 14
SC-200 Perform threat hunting Practice Test 14 — 15 questions with explanations. Free, no signup.
An organization uses Microsoft Defender for Endpoint (MDE) to hunt for signs of credential dumping. An analyst runs a custom advanced hunting query that searches for processes accessing LSASS.exe. The query uses DeviceProcessEvents and DeviceFileEvents. The analyst notices that some known credential dumping tools are detected, but they want to find previously unknown variants. Which approach should the analyst take to improve the hunt?