Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GAQM Exam CFA-001 Topic 4 Question 109 Discussion

Actual exam question for GAQM's CFA-001 exam
Question #: 109
Topic #: 4
[All CFA-001 Questions]

When a system is compromised, attackers often try to disable auditing, in Windows 7; modifications to the audit policy are recorded as entries of Event ID____________.

Show Suggested Answer Hide Answer
Suggested Answer: A

by Gianna at Jul 10, 2025, 01:00 AM

Limited Time Offer

25%

Off

Get Premium CFA-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Shawn
8 days ago
Hmm, this is a tricky one. Disabling auditing is a classic move by attackers, so we need to know the right Event ID to look for. I'm going with C) 4904 - it just sounds right to me.
upvoted 0 times
Helene
4 days ago
I think it's A) 4902, that's the one to watch out for.
upvoted 0 times
...
...
Erinn
10 days ago
I agree with Brandon, because modifications to the audit policy are recorded as entries of Event ID 4902.
upvoted 0 times
...
Brandon
16 days ago
I think the answer is A) 4902.
upvoted 0 times
...

Save Cancel