SC-200 Perform threat hunting • Set 16
SC-200 Perform threat hunting Practice Test 16 — 15 questions with explanations.
During a threat hunt, you identify a suspicious process execution chain in Microsoft Defender for Endpoint: `powershell.exe` spawned `cmd.exe`, which then executed `rundll32.exe`. To investigate the parent-child relationships, which KQL statement should you use in Advanced Hunting?