Which of the following combinations describes what occurred, and what action should be taken in this situation?

Posted by: Pdfprep Category: CS0-001 Tags: CompTIA CySA+, CS0-001 exam questions, CS0-001 practice exam Post Date: October 29, 2020

When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry:

wmic /node: HRDepartment1 computersystem get username

Which of the following combinations describes what occurred, and what action should be taken in this situation?
A . A rogue user has queried for users logged in remotely. Disable local access to network shares.
B . A rogue user has queried for the administrator logged into the system. Attempt to determine who executed the command.
C . A rogue user has queried for the administrator logged into the system. Disable local access to use cmd prompt.
D . A rogue user has queried for users logged into in remotely. Attempt to determine who executed the command.

Answer: D

Which of the following combinations describes what occurred, and what action should be taken in this situation?

Author

Leave a Reply Cancel reply