PdfPrep.com

Which of the following combinations describes what occurred, and what action should be taken in this situation?

When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry:

wmic /node: HRDepartment1 computersystem get username

Which of the following combinations describes what occurred, and what action should be taken in this situation?
A . A rogue user has queried for users logged in remotely. Disable local access to network shares.
B . A rogue user has queried for the administrator logged into the system. Attempt to determine who executed the command.
C . A rogue user has queried for the administrator logged into the system. Disable local access to use cmd prompt.
D . A rogue user has queried for users logged into in remotely. Attempt to determine who executed the command.

Answer: D

Exit mobile version