Windows 10 (legacy) — Question 68

You enable controlled folder access in audit mode for several computers that run Windows 10.
You need to review the events audited by controlled folder access.
Which Event Viewer log should you view?

Answer options

• A. Windows\Security
• B. Applications and Services\Microsoft\Windows\Known Folders\Operational
• C. Applications and Services\Microsoft\Windows\Windows Defender\Operational

Correct answer: C

Explanation

The correct answer is C because the events related to controlled folder access are logged under Windows Defender's operational log. Option A is incorrect as it is a general security log, and option B does not pertain specifically to controlled folder access auditing.