EC-Council
312-49V11 · Question #167
312-49V11 Question #167: Real Exam Question with Answer & Explanation
Sign in or unlock 312-49V11 to reveal the answer and full explanation for question #167. The question stem and answer options stay visible for context.
Question
A CHFI professional is investigating a data breach in a Windows 10 system. The initial analysis revealed some alterations in the system event logs. As part of the investigation, the professional uses the 'wevtutil' command-line tool. The command 'wevtutil gl Security' was executed, but the results seemed abnormal. Which of the following could be a plausible reason for this outcome?
Options
- AThe command 'wevtutil gl Security' does not exist in the 'wevtutil' command set
- BThe 'wevtutil' command cannot retrieve data from XML-based EVTX file format
- CThe Event Log service was temporarily unresponsive or down
- DThe EVTX file storing the Security log was corrupted or tampered with
Unlock 312-49V11 to see the answer
You've previewed enough free 312-49V11 questions. Unlock 312-49V11 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.