When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry:
wmic /node: HRDepartment1 computersystem get username
Which of the following combinations describes what occurred, and what action should be taken in this situation?
A . A rogue user has queried for users logged in remotely. Disable local access to network shares.
B . A rogue user has queried for the administrator logged into the system. Attempt to determine who executed the command.
C . A rogue user has queried for the administrator logged into the system. Disable local access to use cmd prompt.
D . A rogue user has queried for users logged into in remotely. Attempt to determine who executed the command.
Answer: D