Exam 312-49v10 topic 1 question 613 discussion

Actual exam question from ECCouncil's 312-49v10
Question #: 613
Topic #: 1

Maria has executed a suspicious executable file in a controlled environment and wants to see if the file adds/modifies any registry value after execution via Windows Event Viewer. Which of the following event IDs should she look for in this scenario?

  • A. Event ID 4657
  • B. Event ID 4688
  • C. Event ID 7040
  • D. Event ID 4624
Suggested Answer: A

Comments

aqeel1506
4 months ago
A. Event ID 4657

Explanation:

Event ID 4657: This event is logged when there is a modification to an object’s attributes, including registry values. It provides information about what was changed, including the old and new values, making it useful for tracking changes to the registry.

Other Event IDs:

  • Event ID 4688: This event logs the creation of a new process, which would be useful for tracking the execution of the executable file itself but not for registry modifications.
  • Event ID 7040: This event records changes to the service configuration, which is not directly related to registry modifications made by a program.
  • Event ID 4624: This event logs a successful logon attempt, which is not related to registry modifications.
upvoted 1 times
Elb
6 months ago
Selected Answer: A
4657 A registry value was modified
upvoted 1 times
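
An added example, not part of the original discussion: the Python sketch below pulls the registry changes described in the comments (key, value name, operation, old and new values) out of an XML export of the Security log, limited to one process. The `<Events>` root wrapper, the file name `sample.exe`, the registry keys and all event data are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# OperationType codes recorded in event 4657
OPERATIONS = {"%%1904": "created", "%%1905": "modified", "%%1906": "deleted"}

# Constructed sample export (not real log data): one 4688 and two 4657 events.
SAMPLE_EXPORT = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4688</EventID><TimeCreated SystemTime="2024-01-01T10:00:00Z"/></System>
 <EventData><Data Name="NewProcessName">C:\Lab\sample.exe</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4657</EventID><TimeCreated SystemTime="2024-01-01T10:00:05Z"/></System>
 <EventData>
  <Data Name="ObjectName">\REGISTRY\MACHINE\SOFTWARE\ExampleVendor</Data>
  <Data Name="ObjectValueName">Mode</Data>
  <Data Name="OperationType">%%1905</Data><Data Name="OldValue">0</Data><Data Name="NewValue">1</Data>
  <Data Name="ProcessName">C:\Lab\sample.exe</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4657</EventID><TimeCreated SystemTime="2024-01-01T10:00:09Z"/></System>
 <EventData>
  <Data Name="ObjectName">\REGISTRY\MACHINE\SOFTWARE\Other</Data>
  <Data Name="ObjectValueName">Seen</Data>
  <Data Name="OperationType">%%1904</Data><Data Name="OldValue">-</Data><Data Name="NewValue">1</Data>
  <Data Name="ProcessName">C:\Windows\System32\svchost.exe</Data>
 </EventData>
</Event>
</Events>"""

def registry_changes(export_xml, process_name):
    """Return the 4657 records written by processes named process_name."""
    changes = []
    for ev in ET.fromstring(export_xml).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4657":
            continue  # e.g. 4688 (process creation) is not a registry change
        d = {x.get("Name"): x.text or "" for x in ev.iterfind("e:EventData/e:Data", NS)}
        if d.get("ProcessName", "").lower().endswith("\\" + process_name.lower()):
            op = d.get("OperationType", "")
            changes.append({"time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
                            "key": d.get("ObjectName"), "value": d.get("ObjectValueName"),
                            "operation": OPERATIONS.get(op, op),
                            "old": d.get("OldValue"), "new": d.get("NewValue")})
    return changes

if __name__ == "__main__":
    print(*registry_changes(SAMPLE_EXPORT, "sample.exe"), sep="\n")
```

Event 4657 is only written when the Audit Registry subcategory is enabled and the key carries a SACL that audits value changes, so an empty result does not by itself show that the file left the registry untouched.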