Lab S01 — Knowledge Check

10 questions · Select all that apply where indicated · Submit when ready to see your results

Question 1

Sysmon is only for Windows.

True False

Question 2

Sysmon tracks which of the following?

Select all that apply

Network traffic Code behavior File system changes System activity

Question 3

Sysmon debuted in which year?

2005 2006 2011 2014

Question 4

What user account does the Splunk Universal Forwarder run as on Windows 10?

NT Service\SplunkForwarder Local System Administrator Splunk

Question 5

Lusrmgr is a native Windows management program.

True False

Question 6

What Windows group does the Splunk Forwarder need membership in to read and forward Sysmon logs?

Device Owner Performance Log Users Event Log Readers System Managed Accounts Group

Question 7

Why is adding "Everyone" to the Event Log Readers group a problem?

This creates too many logs This violates the principle of least privilege This makes log access more difficult This violates integrity principles

Question 8

What Microsoft software suite is Sysmon part of?

Sysinternals PowerShell Windows Server Intune

Question 9

What format are Sysmon logs forwarded in when using the renderXml = true setting?

JSON HTML CSV XML

Question 10

What language is used in Splunk Search & Reporting to query indexed data?

SQL KQL SPL AQL

Scroll up to review your answers and explanations.