Event Logs

Question 1

A user logged on to this computer

Answer 1

Event ID: 2

Question 2

A user or computer logged on to this computer from the network

Answer 2

Event ID: 3

Question 3

Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention

Answer 3

Event ID: 4

Question 4

A service was started by the service control manager

Answer 4

Event ID: 5

Question 5

The workstation was unlocked

Answer 5

Event ID: 7

Question 6

A user logged on to the computer from the network. The user’s password was passed to the authentication package in its unhashed form

Answer 6

Event ID: 8

Question 7

A caller cloned its current token and specified new credentials for outbound connections

Answer 7

Event ID: 9

Question 8

A user logged on to this computer remotely using Terminal Services or Remote Desktop

Answer 8

Event ID: 10

Question 9

A user logged on to this computer with network credentials that were stored locally on the computer

Answer 9

Event ID: 11

Question 10

A new process has been created

Answer 10

Event ID: 4688

Question 11

The Windows Filtering Platform has allowed connection

Answer 11

Event ID: 5156

Question 12

A service was installed in the system

Answer 12

Event ID: 7045

Question 13

A registry value was modified

Answer 13

Event ID: 4657

Question 14

an object was deleted

Answer 14

Event ID: 4660

Question 15

an attempt was made to access an object

Answer 15

Event ID: 4663

Question 16

Service has entered the stopped state.

Answer 16

Event ID: 7036

Question 17

The start type of service was changed from autostart to demand start/auto start to disabled

Answer 17

Event ID: 7040