GAQM Exam CFA-001 Topic 1 Question 102 Discussion

Actual exam question for GAQM's CFA-001 exam

Question #: 102
Topic #: 1

When a system is compromised, attackers often try to disable auditing, in Windows 7; modifications to the audit policy are recorded as entries of Event ID____________.

A4902

B3902

C4904

D3904

Show Suggested Answer

Suggested Answer: B

by Blair at Jan 27, 2025, 08:47 AM

Limited Time Offer

25%

Off

Get Premium CFA-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lera

5 days ago

Wait, isn't it the other way around? I thought 4904 was the right answer.

upvoted 0 times

...

Felicitas

7 days ago

Hmm, I was thinking it was 3904, but now I'm second-guessing myself.

upvoted 0 times

...

Grover

8 days ago

I'm not sure, but I think it's C) 4904. Can someone explain why it's not A) 4902?

upvoted 0 times

...

Kristine

9 days ago

I'm sure it's 4902, I've seen that in my security logs before.

upvoted 0 times

...

Alpha

14 days ago

I agree with Mira, because modifications to the audit policy are recorded as entries of Event ID 4902.

upvoted 0 times

...

Mira

16 days ago

I think the answer is A) 4902.

upvoted 0 times

...