Prev Question
Next Question

After observing suspicious activities in a server, a manager requests a forensic analysis.
Which of the following findings should be of MOST concern to the investigator?

Server is a member of a workgroup and not part of the server domain

Guest account is enabled on the server

Recently, 100 users were created in the server

Audit logs are not enabled for the server

Audit logs can provide evidence which is required to proceed with an investigation and should not
be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a
concern. Having a guest account enabled on a system is apoor security practice but not a forensic
investigation concern. Recently creating 100 users in the server may have been required to meet
business needs and should not be a concern.

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *