Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

GAQM Exam CFA-001 Topic 1 Question 102 Discussion

Actual exam question for GAQM's CFA-001 exam
Question #: 102
Topic #: 1
[All CFA-001 Questions]

When a system is compromised, attackers often try to disable auditing, in Windows 7; modifications to the audit policy are recorded as entries of Event ID____________.

Show Suggested Answer Hide Answer
Suggested Answer: B

by Blair at Jan 27, 2025, 08:47 AM

Limited Time Offer

25%

Off

Get Premium CFA-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Rima
1 months ago
I bet the answer is something like '42' just to mess with us.
upvoted 0 times
...
Cristal
1 months ago
This question is as clear as mud. I hope the exam has more straightforward ones.
upvoted 0 times
...
Justine
1 months ago
Aha! I remember this from my Windows 7 security training. It's definitely 4902.
upvoted 0 times
Ilda
8 days ago
C) 4904
upvoted 0 times
...
Lynda
9 days ago
That's correct, Event ID 4902 is recorded for modifications to the audit policy.
upvoted 0 times
...
Jacqueline
9 days ago
That's correct!
upvoted 0 times
...
Stevie
21 days ago
I think it's A) 4902 as well.
upvoted 0 times
...
Fletcher
21 days ago
A) 4902
upvoted 0 times
...
Lindsey
27 days ago
Yes, you're right! It's Event ID 4902.
upvoted 0 times
...
...
Lera
2 months ago
Wait, isn't it the other way around? I thought 4904 was the right answer.
upvoted 0 times
Wilda
25 days ago
Oh, I see. Thanks for clarifying!
upvoted 0 times
...
Kandis
27 days ago
C) 4904
upvoted 0 times
...
Kenneth
1 months ago
No, it's actually C) 4904.
upvoted 0 times
...
Nobuko
1 months ago
A) 4902
upvoted 0 times
...
...
Felicitas
2 months ago
Hmm, I was thinking it was 3904, but now I'm second-guessing myself.
upvoted 0 times
Van
10 days ago
A) 4902
upvoted 0 times
...
Georgeanna
16 days ago
I'm pretty sure it's 4904, not 3904.
upvoted 0 times
...
James
17 days ago
C) 4904
upvoted 0 times
...
Daren
1 months ago
I think it's actually 4902, not 3904.
upvoted 0 times
...
Virgie
1 months ago
A) 4902
upvoted 0 times
...
...
Grover
2 months ago
I'm not sure, but I think it's C) 4904. Can someone explain why it's not A) 4902?
upvoted 0 times
...
Kristine
2 months ago
I'm sure it's 4902, I've seen that in my security logs before.
upvoted 0 times
...
Alpha
2 months ago
I agree with Mira, because modifications to the audit policy are recorded as entries of Event ID 4902.
upvoted 0 times
...
Mira
2 months ago
I think the answer is A) 4902.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77