Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Discussions
  3. Cisco
  4. CyberOps Professional
  5. 300-215 Discussions
  6. 300-215 Exam Topic 4 Question 32 Discussion

Cisco Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) 300-215 Question # 32 Topic 4 Discussion

 Cisco Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Cisco Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) 300-215 Question # 32 Topic 4 Discussion

300-215 Exam Topic 4 Question 32 Discussion:
Question #: 32
Topic #: 4

An organization uses a Windows 7 workstation for access tracking in one of their physical data centers on which a guard documents entrance/exit activities of all personnel. A server shut down unexpectedly in this data center, and a security specialist is analyzing the case. Initial checks show that the previous two days of entrance/exit logs are missing, and the guard is confident that the logs were entered on the workstation. Where should the security specialist look next to continue investigating this case?
A.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

B.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList

C.

HKEY_CURRENT_USER\Software\Classes\Winlog

D.

HKEY_LOCAL_MACHINES\SOFTWARE\Microsoft\WindowsNT\CurrentUser

Get Premium 300-215 Questions
Actual exam question for Cisco 300-215 exam by Cyra5600 at Feb 27, 2026, 12:00:22 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next