PowerShell PBQs: CISSP - Certified Information Systems Security Professional
easyQuestion 1 of 3
You are a security operations manager performing a routine audit of a Windows domain controller named DC-CORP-01. As part of your organization's security monitoring procedures, you need to review the Windows event log to verify that audit logging is capturing authentication events and to check for any anomalous login patterns.
Objectives
- •Review the Security event log for authentication events and identify any failed logon attempts
PowerShell
PS C:\Users\AuditAdmin>
Type cmdlets and press Enter to execute. Use ↑↓ to navigate history. Tab to autocomplete. Ctrl+C to cancel, Ctrl+L to clear.
Progress
0 of 1 steps detectedRun at least one command to mark this question complete
0 of 3 marked complete