A CHFI professional is investigating a data breach in a Windows 10 system. The initial analysis revealed some alterations in the system event logs. As part of the investigation, the professional uses the ‘wevtutil’ command-line tool. The command ‘wevtutil gl Security’ was executed, but the results seemed abnormal. Which of the following could be a plausible reason for this outcome?

Questions › Category: 312-49V10 › A CHFI professional is investigating a data breach in a Windows 10 system. The initial analysis revealed some alterations in the system event logs. As part of the investigation, the professional uses the ‘wevtutil’ command-line tool. The command ‘wevtutil gl Security’ was executed, but the results seemed abnormal. Which of the following could be a plausible reason for this outcome?

0 Vote Up Vote Down

Admin Staff asked 6 months ago

A CHFI professional is investigating a data breach in a Windows 10 system. The initial analysis revealed some alterations in the system event logs. As part of the investigation, the professional uses the ‘wevtutil’ command-line tool. The command ‘wevtutil gl Security’ was executed, but the results seemed abnormal. Which of the following could be a plausible reason for this outcome?

A. The command ‘wevtutil gl Security’ does not exist in the ‘wevtutil’ command set

B. The ‘wevtutil’ command cannot retrieve data from XML-based EVTX file format

C. The Event Log service was temporarily unresponsive or down

D. The EVTX file storing the Security log was corrupted or tampered with








 

Suggested Answer: D

Community Answer: D



This question is in 312-49V10 EC-Council Computer Hacking Forensic Investigator (CHFI) v10 Exam
For getting EC-Council Computer Hacking Forensic Investigator (CHFI) Certificate







Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by EC-Council. 
Trademarks, certification & product names are used for reference only and belong to EC-Council.
The website does not contain actual questions and answers from EC-Council's Certification Exams.

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

In the event of a fileless malware attack, a Computer Hacking Forensics Investigator (CHFI) notes that the fileless malware has managed to persist even after the system reboots. What built-in Windows tool/utility might the attacker most likely have leveraged for this persistent behavior?

Recommended

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Fortinet NSE 4 – FortiOS 7.2 certificate

Welcome Back!

Create New Account!

Retrieve your password