[&] How can one identify suspicious services interacting with Windows executables?
- By checking if services interact with unknown directories
- By deleting all user-created services
- By finding interactions with executables stored in the Windows folder
- By observing graphical user interface changes

[&] What is a common tactic used by attackers to evade detection in logs?
- Encrypting legitimate process names
- Naming their malware like legitimate Windows processes
- Logging all system activities
- Deleting system event logs

[&] Which Windows event IDs are crucial for detecting service creation?
- 1234, 5678
- 7045, 4697
- 9999, 8888
- 0001, 0002

[&] Why is it important to modify fields in Kibana when exploring data?
- To reduce storage space
- To enhance understanding of the data
- To improve data visualization
- To increase indexing speed