0 votes
in CISA by
After observing suspicious activities in a server, a manager requests a forensic analysis.

Which of the following findings should be of MOST concern to the investigator?

A. Server is a member of a workgroup and not part of the server domain

B. Guest account is enabled on the server

C. Recently, 100 users were created in the server

D. Audit logs are not enabled for the server

1 Answer

0 votes
by

D. Audit logs are not enabled for the server

Reason: 

Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern.

Recently creating 100 users in the server may have been required to meet business needs and should not be a concern.

Related questions

0 votes
asked Mar 10, 2022 in Security Incident Management and Forensics by rajeshsharma
0 votes
asked Jan 7, 2020 in Big Data | Hadoop by sharadyadav1986
...