A security incident has been created after noticing unusual behavior from a Windows domain controller. The server administrator has discovered that a user logged in to the server with elevated permissions, but the user's account does not follow the standard corporate naming scheme. There are also several other accounts in the administrators group that do not follow this naming scheme. Which of the following is the possible cause for this behavior and the BEST remediation step? A. The Windows Active Directory domain controller has not completed synchronization, and should force the domain controller to sync. B. The server has been compromised and should be removed from the network and cleaned before reintroducing it to the network. C. The server administrator created user accounts cloning the wrong user ID, and the accounts should be removed from administrators and placed in an employee group. D. The naming scheme allows for too many variations, and the account naming convention should be updates to enforce organizational policies. Â Suggested Answer: D This question is in CS0-001 CompTIA Cybersecurity Analyst (CySA+) Exam For getting CompTIA Cybersecurity Analyst (CySA+) Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by CompTIA. Trademarks, certification & product names are used for reference only and belong to CompTIA. The website does not contain actual questions and answers from CompTIA's Certification Exams.
Please login or Register to submit your answer
