Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Identify the Windows-based command used by Ethan to view information about all opened sessions.

  1. Event ID 4657

  2. Get-EventLog

  3. Net Session

  4. Whoami

The correct answer is: Event ID 4657

The command used to view information about all opened sessions in a Windows environment is "net session." This command provides details regarding active connections to a shared resource on the system, allowing an administrator to see who is connected and their session status. The other mentioned options serve different purposes. "Event ID 4657" pertains specifically to Windows Security Event Logs, indicating changes to objects like files or registry keys, rather than active sessions. "Get-EventLog" is a PowerShell command used to retrieve the events from event logs on a local or remote machine but doesn't focus specifically on user sessions. "Whoami" displays the current user’s identity and context but does not provide information about all open sessions on the machine. In summary, "net session" is the command that specifically meets the requirement of viewing information about opened sessions, making it the correct choice.