Which of the following combinations describes what occurred, and what action should be taken in this situation?

– by 0

When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry: wmic /node: HRDepartment1 computersystem get username
Which of the following combinations describes what occurred, and what action should be taken in this situation?
A. A rogue user has queried for users logged in remotely. Disable local access to network shares.
B. A rogue user has queried for the administrator logged into the system. Attempt to determine who executed the command.
C. A rogue user has queried for the administrator logged into the system. Disable local access to use cmd prompt.
D. A rogue user has queried for users logged into in remotely. Attempt to determine who executed the command.

CS0-002: CompTIA CySA+ Exam

FULL Printable PDF and Software. VALID exam to help you PASS.
comptia-exams

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.