A security incident has been filed and an employee believes that someone has been on the computer since the employee left last night. The employee states that the computer was turned off before the employee left for the evening. The computer is running slowly and applications are acting strangely. Which Microsoft Windows tool would be used by the security analyst to determine if and when someone logged on to the computer after working hours?

IT Questions Bank › Category: CCNA CyberOps › A security incident has been filed and an employee believes that someone has been on the computer since the employee left last night. The employee states that the computer was turned off before the employee left for the evening. The computer is running slowly and applications are acting strangely. Which Microsoft Windows tool would be used by the security analyst to determine if and when someone logged on to the computer after working hours?

Task Manager
Event Viewer
PowerShell
Performance Monitor

Explanation: Event Viewer is used to investigate the history of application, security, and system events. Events show the date and time that the event occurred along with the source of the event. If a cybersecurity analyst has the address of the Windows computer targeted or the date and time that a security breach occurred, the analyst could use Event Viewer to document and prove what occurred on the computer.

Exam with this question: CCNA Cyber Ops Practice Final Exam Answers
Exam with this question: CyberOps Associate (Version 1.0) - Module 3: The Windows Operating System Quiz Answers
Exam with this question: 1.5.2 Quiz - The Windows Operating System
Exam with this question: 7.5.2 The Windows Operating System Quiz