EC-Council

312-49 · Question #690

312-49 Question #690: Real Exam Question with Answer & Explanation

The correct answer is A: Configuration information of a specific Event Log.

Submitted by the_admin · Apr 18, 2026 · Computer Forensics in Today's World

Question

What does the command "C:\>wevtutil gl <log name>" display?

Options

  • A. Configuration information of a specific Event Log
  • B. Event logs are saved in .xml format
  • C. Event log record structure
  • D. List of available Event Logs

Explanation

The 'wevtutil' (Windows Events Command Line Utility) command uses 'gl' (get-log) to retrieve and display configuration information for a specific event log, including properties such as whether the log is enabled, its maximum size, retention policy, log file path, and access permissions. Other wevtutil parameters serve different purposes: 'el' lists all available event logs, 'qe' queries events, and 'epl' exports logs. Understanding wevtutil is essential for Windows forensic investigations as event logs are a primary source of evidence.

Topics

#Windows Event Logs #wevtutil #Command-line Utilities #System Artifacts
