Which Windows component remains resident across reboots to monitor and log system activity?

Multiple Choice

Which Windows component remains resident across reboots to monitor and log system activity?

Explanation:
This question is about a component that stays active after a reboot to observe and record what happens on the system. Sysmon fits this role because it’s a Sysinternals tool designed to run as a Windows service. Once installed and configured, it starts with Windows and continuously logs detailed system events—such as process creations, network connections, and file actions—to the Windows Event Log. This persistent monitoring provides a rich, centralized record that remains available after reboots, which is crucial for security monitoring and incident response.

The other options don’t serve this persistent monitoring role as effectively. Windows Defender is antivirus software focused on protecting the system from threats, not primarily a logging/monitoring component. Event Viewer is a UI for inspecting logs, not a background service that continuously logs activity. Task Scheduler runs tasks and can operate across reboots, but it isn’t about monitoring and recording system activity.
