John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints. Which of following Splunk query will help him to fetch related logs associated with process creation?
A.
index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..
B.
index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..
C.
index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..
D.
index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...
It's commonly used in process creation monitoring by SOC analysts to:
Detect suspicious process chains (like cmd.exe → powershell.exe)
Investigate malware execution
Monitor unauthorized software launches.
(ChatGPT)
This section is not available anymore. Please use the main Exam Page.312-39 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Berro_b
1 month, 3 weeks agoBerro_b
1 month, 3 weeks agoRuso_1985
7 months, 4 weeks agoBLAD_KD
7 months, 4 weeks ago