[&] What type of events would you expect to find in the PowerShell channel?
- Script block logging
- Network failures
- Disk space usage
- User login attempts

[&] Why is the Sysmon channel important for incident responders?
- It offers detailed data not available in standard logs
- It provides aesthetic enhancements to logs
- It collects logs from web browsers
- It only logs user interface changes

[&] Which log source is crucial for detecting brute force attacks in Windows environments?
- WMI activity channel
- Security channel
- PowerShell
- Sysmon

[&] What is the primary function of a provider in Windows Logging?
- To transmit event logs to external SIEM platforms
- To analyze collected logs and generate automated incident reports
- To generate and publish events from specific system components or applications
- To archive all log data for compliance and long-term storage

[&] Which channel is used to detect fileless malware using PowerShell commands?
- PowerShell channel
- Debug channel
- Sysmon channel
- Analytics channel