Eccouncil Exam 312-39 Topic 2 Question 89 Discussion

Actual exam question for Eccouncil's 312-39 exam
Question #: 89
Topic #: 2

John, a SOC analyst, wants to monitor process creation attempts on any of their Windows endpoints.

Which of the following Splunk queries will help him fetch the logs associated with process creation?

Suggested Answer: B

t/5a3187b4419202f0fb8b2dd1/1513195444728/Windows+Splunk+Logging+Cheat+Sheet+v2.2.pdf
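As an added illustration (not part of the exam page or of any Splunk or EC-Council material), the following Python re-implements what the suggested query `index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$)` selects, and runs it over a few constructed Windows Security event lines in the key=value form Splunk extracts fields into. The event lines, host names and account names are invented samples; the point is to show why each clause matters: `LogName=Security` and `EventCode=4688` pick out "A new process has been created", and the `NOT (Account_Name=*$)` clause drops computer accounts (names ending in `$`), which otherwise dominate 4688 volume.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample events (not real telemetry). One event per line,
# space-separated key=value pairs, mimicking Splunk's extracted fields.
SAMPLE_LOG = """\
LogName=Security EventCode=4688 Account_Name=jsmith New_Process_Name=C:\\Windows\\System32\\cmd.exe host=WS01
LogName=Security EventCode=4688 Account_Name=WS01$ New_Process_Name=C:\\Windows\\System32\\svchost.exe host=WS01
LogName=Security EventCode=4624 Account_Name=jsmith Logon_Type=2 host=WS01
LogName=System EventCode=4688 Account_Name=jsmith host=WS02
LogName=Security EventCode=4688 Account_Name=alice New_Process_Name=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe host=WS02
LogName=Security EventCode=4688 Account_Name=WS02$ New_Process_Name=C:\\Windows\\System32\\wbem\\WmiPrvSE.exe host=WS02
"""

Event = Dict[str, str]


def parse_events(raw: str) -> List[Event]:
    """Turn key=value lines into dicts. Tokens without '=' are ignored."""
    events: List[Event] = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        fields: Event = {}
        for token in line.split():
            key, sep, value = token.partition("=")
            if sep:
                fields[key] = value
        events.append(fields)
    return events


def matches_process_creation(event: Event) -> bool:
    """True if the event satisfies the suggested query's three filters.

    LogName=Security        -> 4688 is only recorded in the Security log
    EventCode=4688          -> "A new process has been created"
    NOT (Account_Name=*$)   -> drop computer accounts such as WS01$
    """
    account = event.get("Account_Name", "")
    return (
        event.get("LogName") == "Security"
        and event.get("EventCode") == "4688"
        and not account.endswith("$")
    )


def process_creation_events(events: List[Event]) -> List[Event]:
    """The rows the query would return, in log order."""
    return [e for e in events if matches_process_creation(e)]


def count_by_host_and_account(events: List[Event]) -> Dict[Tuple[str, str], int]:
    """Equivalent of appending `| stats count by host, Account_Name`."""
    counts: Counter = Counter(
        (e.get("host", "unknown"), e.get("Account_Name", "unknown"))
        for e in process_creation_events(events)
    )
    return dict(counts)


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for e in process_creation_events(parsed):
        print(e["host"], e["Account_Name"], e.get("New_Process_Name"))
    print(count_by_host_and_account(parsed))
```

Of the six constructed events, only the two interactive-user 4688 events survive: the logon event (4624), the 4688 that was written to the wrong log, and the two computer-account events are all filtered out. In a real deployment 4688 also needs to be enabled through the "Audit Process Creation" policy, and the command line is only present when "Include command line in process creation events" is turned on; neither is implied by the query alone.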

Contribute your Thoughts:

Carol
3 months ago
I'm not sure, but I think A) and B) are quite similar; maybe we should check the Splunk documentation for more details.
upvoted 0 times
Judy
3 months ago
I disagree, I believe the correct answer is B) index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$)
upvoted 0 times
Shantay
3 months ago
Hmm, B it is. I'm guessing John's going to have a field day tracking down all those pesky processes. Just don't let him catch me running Minesweeper on the job!
upvoted 0 times
Pedro
3 months ago
Option B is the winner! It's always the second choice, isn't it? Kidding, but seriously, this one looks legit.
upvoted 0 times
Jose
2 months ago
Yes, option B is definitely the best choice for fetching logs related to process creation. Good pick!
upvoted 0 times
Raul
2 months ago
I agree, option B seems like the most relevant query for monitoring process creation activities.
upvoted 0 times
Steffanie
3 months ago
I think the answer is A) index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$)
upvoted 0 times
Janessa
3 months ago
I agree with Roxane. Option B is the way to go here. The other options don't seem to match the event code for process creation.
upvoted 0 times
Roxane
3 months ago
Option B seems to be the correct choice. EventCode 4688 is the one associated with process creation events in Windows event logs.
upvoted 0 times
Kanisha
2 months ago
Option B seems to be the correct choice. EventCode 4688 is the one associated with process creation events in Windows event logs.
upvoted 0 times
Madonna
2 months ago
D) index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$)
upvoted 0 times
Lenna
3 months ago
Thanks for pointing that out. I'll make sure to use that Splunk query to fetch the related logs.
upvoted 0 times
Aimee
3 months ago
I think option B is the correct choice. EventCode 4688 is associated with process creation events in Windows event logs.
upvoted 0 times
Della
3 months ago
C) index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$)
upvoted 0 times
Lindsey
3 months ago
B) index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$)
upvoted 0 times
Lazaro
3 months ago
A) index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$)
upvoted 0 times