When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry: wmic /node: HRDepartment1 computersystem get username Which of the following combinations describes what occurred, and what action should be taken in this situation?

Questions › Category: CS0-001 › When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry: wmic /node: HRDepartment1 computersystem get username Which of the following combinations describes what occurred, and what action should be taken in this situation?

0 Vote Up Vote Down

Admin Staff asked 6 months ago

When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry: wmic /node: HRDepartment1 computersystem get username
Which of the following combinations describes what occurred, and what action should be taken in this situation?

A. A rogue user has queried for users logged in remotely. Disable local access to network shares.

B. A rogue user has queried for the administrator logged into the system. Attempt to determine who executed the command.

C. A rogue user has queried for the administrator logged into the system. Disable local access to use cmd prompt.

D. A rogue user has queried for users logged into in remotely. Attempt to determine who executed the command.








 

Suggested Answer: D





This question is in CS0-001 CompTIA Cybersecurity Analyst (CySA+) Exam
For getting CompTIA Cybersecurity Analyst (CySA+) Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.

When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry: wmic /node: HRDepartment1 computersystem get username Which of the following combinations describes what occurred, and what action should be taken in this situation?

Which of the following describes why it is important for an organization's incident response team and legal department to meet and discuss communication processes during the incident response process?

AZ-104 Practice Test Free

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password

When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry: wmic /node: HRDepartment1 computersystem get username Which of the following combinations describes what occurred, and what action should be taken in this situation?

Which of the following describes why it is important for an organization's incident response team and legal department to meet and discuss communication processes during the incident response process?

AZ-104 Practice Test Free

Related Questions

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password