Microsoft Security Operations Analyst — Question 94

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.

You need to identify any devices that triggered a malware alert and collect evidence related to the alert. The solution must ensure that you can use the results to initiate device isolation for the affected devices.

What should you use in the Microsoft 365 Defender portal?

Answer options

Correct answer: D

Explanation

The correct answer is D, 'Advanced hunting', because it lets you run Kusto (KQL) queries over Defender for Endpoint alert and evidence data to find the devices associated with malware alerts and collect the related evidence, and you can then take response actions, including device isolation, directly on the query results. Options A, B, and C do not provide the same level of detailed investigation capability combined with the ability to act on the results.