GCFA Question #45: Real Exam Question with Answer & Explanation

The correct answer is C. %Systemroot%\system32\config. Windows NT/2000 stores critical security and event log files in the system32\config subdirectory under the system root.

Question

In which of the following locations does the Windows NT/2000 operating system store the SAM, SAM.LOG, SECURITY.LOG, APPLICATION.LOG, and EVENT.LOG files?

Options

  • A. %Systemroot%\system32
  • B. %Systemroot%\profiles
  • C. %Systemroot%\system32\config
  • D. %Systemroot%\help

Explanation

Windows NT/2000 stores critical security and event log files in the system32\config subdirectory under the system root.

Common mistakes.

  • A. %SystemRoot%\system32 is the parent directory containing system executables and DLLs, not the config subdirectory where registry hives and log files reside.
  • B. %SystemRoot%\profiles stores user profile directories, not system security databases or event logs.
  • D. %SystemRoot%\help contains Windows help files and documentation, not security or log database files.

Concept tested. Windows SAM and log file storage location

Reference. https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/security-audit-policy-settings
