SC-200 Respond to security incidents • Set 22
SC-200 Respond to security incidents Practice Test 22 — 15 questions with explanations.
Your security team receives an alert from Microsoft Defender for Endpoint indicating a suspicious PowerShell command was executed on a device. The command attempted to download a payload from a known malicious IP. After confirming the alert is a true positive, what should be your first containment step?