Eccouncil Exam 312-39 Topic 10 Question 15 Discussion

Actual exam question for Eccouncil's 312-39 exam

Question #: 15
Topic #: 10

John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints.

Which of following Splunk query will help him to fetch related logs associated with process creation?

Aindex=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..

Bindex=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..

Cindex=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..

Dindex=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...

Show Suggested Answer

Suggested Answer: B

t/5a3187b4419202f0fb8b2dd1/1513195444728/Windows+Splunk+Logging+Cheat+Sheet+v2.2.pdf

by Mariann at May 08, 2022, 03:21 AM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!