PowerShell PBQs: Understanding Cisco Cybersecurity Operations Fundamentals (200-201)
Question 1 of 3 (easy)
You are a Tier 1 SOC analyst at a corporate security operations center. An endpoint detection tool has generated an alert for a Windows workstation (WS-HR-PC04) used by an employee in Human Resources. The alert indicates suspicious process activity. Your supervisor has asked you to pull up the running processes on the endpoint and identify anything unusual.
Objectives
- List all running processes on the endpoint to identify any suspicious activity
PowerShell
PS C:\Users\SOCTier1>

