Eccouncil 312-39 Exam - Topic 10 Question 15 Discussion

Actual exam question for Eccouncil's 312-39 exam
Question #: 15
Topic #: 10

John, a SOC analyst, wants to monitor process creation attempts from any of their Windows endpoints.

Which of the following Splunk queries will help him fetch the logs associated with process creation?

Suggested Answer: B

t/5a3187b4419202f0fb8b2dd1/1513195444728/Windows+Splunk+Logging+Cheat+Sheet+v2.2.pdf

Chery
4 months ago
Seems like a no-brainer, B is the way to go!
upvoted 0 times
...
Jesus
4 months ago
3688? Never heard of that one for process creation.
upvoted 0 times
...
Wenona
4 months ago
I thought it was 4678? Not sure now...
upvoted 0 times
...
An
4 months ago
Definitely B! That's the correct query.
upvoted 0 times
...
Willodean
5 months ago
EventCode 4688 is the one for process creation.
upvoted 0 times
...
Ozell
5 months ago
I'm leaning towards option B as well, but I wish I had reviewed the event codes more thoroughly before the exam.
upvoted 0 times
...
Barney
5 months ago
I feel like EventCode 4678 was mentioned in our study materials, but I can't recall if it's specifically for process creation.
upvoted 0 times
...
Troy
5 months ago
I remember practicing a similar question, and I believe it was about monitoring process creation too. I think option B is correct.
upvoted 0 times
...
Cathern
5 months ago
I think EventCode 4688 is the one related to process creation, but I'm not completely sure.
upvoted 0 times
...
Iesha
5 months ago
Okay, I think I know the difference between quality control, quality planning, and quality assurance, but quality improvement is throwing me off a bit. Let me re-read the question and options.
upvoted 0 times
...
Vernice
5 months ago
Okay, I think I've got this. The "listen port" is 8101, and "enable calculated listen ports" is true, so the two servers will bind to the next available ports, which are 8102 and 8103. I'm pretty confident in this answer.
upvoted 0 times
...