In order to comply with new auditing standards, a security administrator must be able to correlate system security alert logs directly with the employee who triggers the alert. Which of the following should the security administrator implement in order to meet this requirement?
A. Access control lists on file servers
B. Elimination of shared accounts
C. Group-based privileges for accounts
D. Periodic user account access reviews
B seems to make more sense, but this doesn’t seem like an ICND2 question.
I think this should be B