Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

John works as a Network Administrator for DigiNet Inc.

GIAC GCFA Full Course Access
GIAC GCFA View All Questions

John works as a Network Administrator for DigiNet Inc. He wants to investigate failed logon attempts to a network. He uses Log Parser to detail out the failed logons over a specific time frame. He uses the following commands and query to list all failed logons on a specific date:

logparser.exe file:FailedLogons.sql -i:EVT -o:datagrid

SELECT

timegenerated AS LogonTime,

extract_token(strings, 0, '|') AS UserName

FROM Security

WHERE EventID IN (529;

530;

531;

532;

533;

534;

535;

537;

539)

AND to_string(timegenerated,'yyyy-MM-dd HH:mm:ss') like '2004-09%'

After investigation, John concludes that two logon attempts were made by using an expired account.

Which of the following EventID refers to this failed logon?

A.

529

B.

534

C.

531

D.

532

GCFA PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now GCFA pdf
Get 65% Discount on All Products, Use Coupon: "ac4s65"
Next
Which of the following types of attacks cannot be prevented by technical measures only?
You want to change the attribute of a file named ACE.
Previous