EC-CouncilEC-Council
212-82 · Question #72
212-82 Question #72: Real Exam Question with Answer & Explanation
Sign in or unlock 212-82 to reveal the answer and full explanation for question #72. The question stem and answer options stay visible for context.
Submitted by lucia.co· Mar 6, 2026Cloud Security Operations & Incident Response
Question
The SOC department in a multinational organization has collected logs of a security event as "Windows.events.evtx". Study the Audit Failure logs in the event log file located in the Documents folder of the "Attacker Maehine-1" and determine the IP address of the attacker. (Note: The event ID of Audit failure logs is 4625.)
Options
- A10.10.1.12
- B10.10.1.10
- C10.10.1.16
- D10.10.1.19
Unlock 212-82 to see the answer
You've previewed enough free 212-82 questions. Unlock 212-82 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#log analysis#Windows events#audit logs#IP address