Question 11 - CertNexus CFR-410 Real Exam Questions [Jan 2026 Update]

Q: 11

A security analyst has discovered that an application has failed to run. Which of the following is the tool MOST likely used by the analyst for the initial discovery?

Options

Correct Answer:

Explanation

The Windows Event Viewer is a management console component that allows administrators to view logs of significant system, security, and application events. The "Application" log is the designated repository for events logged by software programs. When an application fails to run or crashes, it typically generates an error or warning event that is recorded in this log. For an analyst performing initial discovery or triage, checking the Application log in the Event Viewer is a standard first step to identify what happened and gather preliminary details like faulting module and error codes.

Why Incorrect

A. syslog: This is a logging protocol and standard primarily used in Linux and UNIX-like operating systems, not the name of a specific tool for Windows.

B. MSConfig: This is a system configuration utility used to manage startup processes, boot options, and services, not for viewing application runtime error logs.

D. Process Monitor: This is an advanced, real-time monitoring tool for deep analysis of file system and registry activity, typically used for root cause analysis after an event has been discovered.

References

1. Microsoft Documentation: In the official documentation for the Event Viewer

Microsoft states

"Windows Logs include: Application (program) events. Events are classified as error

warning

or information

depending on the severity of the event." This confirms its role in logging application failures.

Source: Microsoft Learn

"Event Viewer"

Last Updated: 09/15/2023. Section: "What events are logged?".

2. NIST Special Publication: The National Institute of Standards and Technology (NIST) identifies application logs as a primary source for security event information. "Application logs can be used to detect and analyze application-level attacks

such as unauthorized access to information

as well as application-specific problems

such as an application crash."

Source: NIST SP 800-92

"Guide to Computer Security Log Management"

September 2006. Section 3.2.1

Page 3-2.

3. University Courseware: Reputable university cybersecurity programs teach the use of native OS tools for initial incident analysis. Course materials frequently cite the Event Viewer as the first tool to use when investigating application issues on Windows.

Source: Johns Hopkins University

Whiting School of Engineering

"EN.605.445 Windows System Administration" course materials. Module on "Monitoring and Troubleshooting

" which details using Event Viewer to diagnose application faults.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE