0
0
PowerShellscripting~20 mins

Event log reading in PowerShell - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Event Log Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
💻 Command Output
intermediate
2:00remaining
What is the output of this PowerShell command reading event logs?
Given this command, what will it output?
PowerShell
Get-EventLog -LogName System -Newest 3 | Select-Object -Property EventID, Source
AError: The term 'Get-EventLog' is not recognized as the name of a cmdlet
B[{EventID=1001; Source=Application Error}, {EventID=7000; Source=Service Control Manager}, {EventID=6005; Source=EventLog}]
C[{EventID=1001; Source=Service Control Manager}, {EventID=7000; Source=Service Control Manager}, {EventID=6005; Source=EventLog}]
D[{EventID=4624; Source=Microsoft-Windows-Security-Auditing}, {EventID=4625; Source=Microsoft-Windows-Security-Auditing}, {EventID=4634; Source=Microsoft-Windows-Security-Auditing}]
Attempts:
2 left
💡 Hint
The System log contains events from system components like Service Control Manager.
📝 Syntax
intermediate
2:00remaining
Which option correctly filters Application log events with EventID 1000?
Select the PowerShell command that correctly gets Application log events where EventID equals 1000.
AGet-EventLog -LogName Application | Where { EventID == 1000 }
BGet-EventLog -LogName Application | Where-Object { $_.EventID -eq 1000 }
CGet-EventLog -LogName Application | Where-Object { EventID = 1000 }
DGet-EventLog -LogName Application | Where-Object { $_.EventID = 1000 }
Attempts:
2 left
💡 Hint
Remember to use $_ to refer to the current object and -eq for comparison.
🔧 Debug
advanced
2:00remaining
Why does this script fail to get Security log events?
This script returns an error: Get-EventLog -LogName Security -Newest 5 Error: Access is denied. What is the cause?
AThe user lacks administrative privileges required to read the Security log.
BThe Security log does not exist on this system.
CThe -Newest parameter is not valid for the Security log.
DThe Get-EventLog cmdlet cannot read any logs on this system.
Attempts:
2 left
💡 Hint
Security logs require special permissions to access.
🚀 Application
advanced
2:00remaining
How to export the last 10 System log events to a CSV file?
Which command exports the last 10 events from the System log to a CSV file named systemlog.csv?
AGet-EventLog -LogName System -Newest 10 > systemlog.csv
BGet-EventLog -LogName System | Select-Object -Last 10 | Export-Csv systemlog.csv
CGet-EventLog -LogName System -Last 10 | Export-Csv -Path systemlog.csv
DGet-EventLog -LogName System -Newest 10 | Export-Csv -Path systemlog.csv -NoTypeInformation
Attempts:
2 left
💡 Hint
Use the -Newest parameter and Export-Csv with -NoTypeInformation to avoid extra type info.
🧠 Conceptual
expert
2:00remaining
What is the main difference between Get-EventLog and Get-WinEvent for reading event logs?
Choose the correct statement about the difference between Get-EventLog and Get-WinEvent.
AGet-WinEvent supports newer event logs and XML filtering, while Get-EventLog only supports classic logs.
BGet-EventLog can read all event logs including Security, but Get-WinEvent cannot.
CGet-EventLog is faster and more efficient than Get-WinEvent for all logs.
DGet-WinEvent only works on Windows Server editions, not on client Windows.
Attempts:
2 left
💡 Hint
One cmdlet is newer and more powerful with advanced filtering.