Computer Hacking Forensic Investigator (CHFI) Practice Exam 2025 – The Complete All-in-One Guide to Exam Mastery!

Question: 1 / 400

In Windows 7, modifications to the audit policy are recorded under Event ID __________.

4902

In Windows 7, modifications to the audit policy are recorded under Event ID 4902. This particular event ID is specifically designed to log changes made to the audit policy settings, which includes enabling or disabling auditing for various system events.

Understanding this event ID is crucial for computer forensic investigations because it allows investigators to track unauthorized changes to the audit settings, which may indicate tampering or attempts to hide malicious activities. Each of the other event IDs provided pertains to different events in the Windows 7 event log system and does not specifically log changes to the audit policy, making 4902 the relevant choice for this context.

Get further explanation with Examzify DeepDiveBeta

3902

4904

3904

Next Question

Report this question

Download Computer Hacking Forensic Investigator (CHFI) Practice Exam PDF Study Guide
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy