Which of the following findings should be of MOST concern to the investigator?

Last Updated on December 27, 2021 by Admin 3

After observing suspicious activities in a server, a manager requests a forensic analysis.

Which of the following findings should be of MOST concern to the investigator?

  • Server is a member of a workgroup and not part of the server domain
  • Guest account is enabled on the server
  • Recently, 100 users were created in the server
  • Audit logs are not enabled for the server
Explanation: 
Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users in the server may have been required to meet business needs and should not be a concern.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments