Chapter 3 Security Evaluation
Copyright Goodheart-Willcox Co., Inc. May not be reproduced or posted to a publicly accessible website.

17. Suppose you want to know how many different instance IDs exist in a log and the count of each. Run the get-eventlog cmdlet on the System event log, but pipe the output to the group-object cmdlet by adding -property instanceid. The full command is get-eventlog -logname system | group-object -property instanceid. Create and save a screenshot.
18. The command entry in the previous step provides detail, but it is not in a logical order. Run the command entry again, and add an additional option to sort it by the instance ID count. Pipe it to the sort-object cmdlet using the count property by entering get-eventlog -logname system | group-object -property instanceid | sort-object -property count. Which event had the largest count? Create and save a screenshot.
19. Run the get-eventlog cmdlet on the System event log to look for entries that are errors. Use the -entrytype error switch, and pipe the output to the more cmdlet by entering get-eventlog -logname system -entrytype error | more. Create and save a screenshot.
20. Customizing output and results can provide deeper analysis. Run the command entry from the previous step again, but this time, omit the entry type. Limit the search results and modify the display properties by keying the following command: get-eventlog -logname system -newest 5 | format-table -property Index,Message. Create and save a screenshot.
21. Close PowerShell.
22. Click the Windows Start menu, enter Task Scheduler, and select the Task Scheduler desktop app. The Task Scheduler can be used to modify or remove the scheduled task you created earlier.
23. Expand the Task Scheduler Library > Event Viewer Tasks branch. The scheduled task you created previously will be located here.
24. In the middle pane, double-click to open the task, and navigate through the various tabs to view the settings. The History tab shows the time the task was created or registered and any time the task may have been triggered. Create and save a screenshot of this history. Click OK to close this task.
25. With your task selected, click the Delete button in the Actions pane. When prompted, click the Yes button to confirm deleting the task.
26. Searching through event logs for possible errors or suspected breaches of security can be time-consuming. What are some ways you can be more proactive in looking for possible errors or suspected breaches?
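The following is an added PowerShell example, not part of the worksheet: it combines the log analysis of steps 17 through 20 into one reusable function (sorted so the most frequent instance ID comes first, which the plain sort-object command does not do) and adds a saved-baseline comparison as one way of being proactive, the question step 26 asks. It assumes Windows PowerShell 5.1, where get-eventlog is available, and the baseline file path is an assumption.

```powershell
# Added example: summarise the System log the way steps 17-20 do, plus a baseline diff.
function Get-SystemLogSummary {
    param(
        [string]$LogName = 'System',
        [int]$Top = 10
    )
    $entries = Get-EventLog -LogName $LogName

    # Steps 17-18: count each InstanceId, largest count first. Sort-Object ascends by
    # default, so the worksheet's command lists the largest count at the bottom.
    $byInstance = $entries |
        Group-Object -Property InstanceId |
        Sort-Object -Property Count -Descending |
        Select-Object -First $Top -Property Count, Name

    # Step 19: error entries only, grouped by source so a noisy driver or service stands out.
    $errorsBySource = $entries |
        Where-Object { $_.EntryType -eq 'Error' } |
        Group-Object -Property Source |
        Sort-Object -Property Count -Descending

    [pscustomobject]@{ TopInstanceIds = $byInstance; ErrorsBySource = $errorsBySource }
}

# Step 26, one proactive approach: keep a baseline of per-InstanceId counts and report
# IDs that are new, or whose count changed, since the baseline was taken.
function Compare-InstanceIdBaseline {
    param([string]$BaselinePath = "$env:TEMP\system-instanceid-baseline.csv")  # assumed path
    # Counts are stored as strings so they compare cleanly with values read back from CSV.
    $current = Get-EventLog -LogName System |
        Group-Object -Property InstanceId |
        Select-Object -Property @{ n = 'InstanceId'; e = { $_.Name } },
                                @{ n = 'Count';      e = { [string]$_.Count } }
    if (-not (Test-Path -Path $BaselinePath)) {
        $current | Export-Csv -NoTypeInformation -Path $BaselinePath
        return "Baseline written to $BaselinePath; run again later to see what changed."
    }
    $baseline = Import-Csv -Path $BaselinePath
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property InstanceId, Count |
        Where-Object { $_.SideIndicator -eq '=>' }   # present only in the current counts
}

$summary = Get-SystemLogSummary
$summary.TopInstanceIds | Format-Table -AutoSize
$summary.ErrorsBySource | Format-Table -AutoSize -Property Count, Name
Compare-InstanceIdBaseline | Format-Table -AutoSize
```

Scheduling the script with Task Scheduler, as the earlier steps did for the event task, turns the baseline comparison into a recurring check rather than a manual search.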