Question
1. The main purpose of Sysmon is to help with what?
a. Forensics
b. Blocking malware
c. Blocking network-based attacks
2. Where are Sysmon events in Windows 10/Windows 2016 readable?
a. System Log
b. Security Log
c. Application and Services Logs
3. Which command line tool verifies if an app is 32- or 64-bit?
a. SigCheck
b. VerCheck
c. PlatInfo
4. Which one of the following tools is great for finding insecure shares on the network?
a. ShareEnum
b. AccessChk
c. AccessEnum
5. More detailed information on different logons can be viewed with:
a. SystemInfo.exe
b. LogonSessions.exe
c. Process Explorer
6. What file is loaded into the registry when a user logs on?
a. NTUSER.MAN
b. DEFAULT.DAT
c. NTUSER.DAT
7. The last part of a Security Identifier (SID) is:
a. TID
b. RID
c. PID
8. An Access Token is refreshed for a user during:
a. Reboot
b. Logon
9. With which command would you verify Sysmon driver installation?
a. FLTMC
b. SYSMONCMD
c. MSSYSMONCMD
d. GPUPDATE
10. Which part of the Security Descriptor houses the Auditing settings?
a. Ownership
b. SACL
c. DACL