INTRO TO ENDPOINT SECURITY

ENDPOINT SECURITY FUNDAMENTALS

What is the normal parent process of services.exe?

wininit.exe
 * wininit.exe > services.exe
   wininit.exe > services.exe > svchost.exe

What is the name of the network utility tool introduced in this task?

TCPView

Where do the Windows Event logs (.evtx files) typically reside?

C:\Windows\System32\winevt\Logs

Provide the command used to enter OSQuery CLI.

osqueryi

What does EDR mean? Provide the answer in lowercase.

endpoint detection and response

Last updated 21 days ago