A CHFI has been tasked to analyze Windows Security Logs in a highly complex and multi-layered security breach investigation. The breach involved an account creation, privilege escalation, and the installation of a service, all happening sequentially within a short duration. The investigator is required to retrieve a combination of Event IDs that would chronologically corroborate these events. Which combination of Event IDs should the investigator focus on?

A. Event ID 624, Event ID 4670, and Event ID 6011

B. Event ID 624, Event ID 500, and Event ID 7045

C. Event ID 4720, Event ID 4672, and Event ID 7045

D. Event ID 4720, Event ID 500, and Event ID 6011








 

Suggested Answer: C





This question is in 312-49V10 EC-Council Computer Hacking Forensic Investigator (CHFI) v10 Exam
For getting EC-Council Computer Hacking Forensic Investigator (CHFI) Certificate







Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by EC-Council. 
Trademarks, certification & product names are used for reference only and belong to EC-Council.
The website does not contain actual questions and answers from EC-Council's Certification Exams.