BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Eccouncil Exam 212-82 Topic 7 Question 26 Discussion

Actual exam question for Eccouncil's 212-82 exam
Question #: 26
Topic #: 7
[All 212-82 Questions]

The SOC department in a multinational organization has collected logs of a security event as

"Windows.events.evtx". Study the Audit Failure logs in the event log file located in the Documents folder of the

-Attacker Maehine-1" and determine the IP address of the attacker. (Note: The event ID of Audit failure logs is

4625.)

(Practical Question)

Show Suggested Answer Hide Answer
Suggested Answer: C

The IP address of the attacker is 10.10.1.16. This can be verified by analyzing the Windows.events.evtx file using a tool such as Event Viewer or Log Parser. The file contains several Audit Failure logs with event ID 4625, which indicate failed logon attempts to the system. The logs show that the source network address of the failed logon attempts is 10.10.1.16, which is the IP address of the attacker3. The screenshot below shows an example of viewing one of the logs using Event Viewer4: Reference: Audit Failure Log, [Windows.events.evtx], [Screenshot of Event Viewer showing Audit Failure log]


by Daren at Apr 24, 2024, 01:26 PM

Limited Time Offer

25%

Off

Get Premium 212-82 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Charlene
5 months ago
Sure, I noticed a recurring IP address in the log files corresponding to that value.
upvoted 0 times
...
Kanisha
6 months ago
Interesting, can you explain why you think A) 10.10.1.12 is the correct answer?
upvoted 0 times
...
Charlene
6 months ago
I'm leaning towards A) 10.10.1.12 because of the patterns I observed in the event log file.
upvoted 0 times
...
Samira
6 months ago
I disagree, I believe it's C) 10.10.1.16 based on the logs I analyzed.
upvoted 0 times
...
Kanisha
6 months ago
I think the answer is B) 10.10.1.10.
upvoted 0 times
...
Lashawn
7 months ago
I guess we'll have to look deeper into the logs to find out for sure.
upvoted 0 times
...
Colette
7 months ago
I am leaning towards 10.10.1.16.
upvoted 0 times
...
Jina
7 months ago
I disagree, I believe it is 10.10.1.10.
upvoted 0 times
...
Lashawn
7 months ago
I think the IP address of the attacker is 10.10.1.12.
upvoted 0 times
...

Save Cancel