In order to comply with new auditing standards, a security administrator must be able to correlate system security alert logs directly with the employee who triggers the alert. Which of the following should the security administrator implement in order to meet this requirement?
A. Access control lists on file servers
B. Elimination of shared accounts
C. Group-based privileges for accounts
D. Periodic user account access reviews
Pass Cisco CCNA 200-301 Exam in First AttemptFULL Printable PDF and Software. VALID exam to help you pass. |
I would say that –
B. Elimination of shared accounts
Is the most correct answer.
In essence that would be very helpful ,but what they are looking for is Syslog – User information which you would only see when auditing user accounts like stated in D.
you are not wrong its just not what they are asking for.