SC-200 - Respond to Security Incidents - Section 2.6
Perform response actions on devices in Microsoft Defender for Endpoint, including live response and automatic attack disruption.
Perform response actions on endpoints in Microsoft Defender for Endpoint, including isolating a device, collecting an investigation package, and running commands via live response to gather forensic artefacts. Recognise when automatic attack disruption has already contained an attack and what remediation steps remain for the analyst.
live response, collecting investigation packages, device isolation and response actions, automatic attack disruption remediation
Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.