Certified SOC Analyst (CSA) — Question 52

Which of the following fields in Windows logs defines the type of event occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on?

Answer options

• A. Keywords
• B. Task Category
• C. Level
• D. Source

Correct answer: A

Explanation

The correct answer is A, Keywords, as it identifies the specific type of event that occurred. Options B, C, and D do not pertain to the categorization of event types; instead, they refer to different aspects of event organization and severity.