CySA+ CS0-001 – Q. 340

0
31

When reviewing the system logs, the cybersecurity analyst noticed a suspicious log entry:
wmic /node: HRDepartment1 computersystem get username
Which of the following combinations describes what occurred, and what action should be taken in this situation?

A. A rogue user has queried for users logged in remotely. Disable local access to network shares.
B. A rogue user has queried for the administrator logged into the system. Attempt to determine who executed the command.
C. A rogue user has queried for the administrator logged into the system. Disable local access to use cmd prompt.
D. A rogue user has queried for users logged into in remotely. Attempt to determine who executed the command.

LEAVE A REPLY

Please enter your comment!
Please enter your name here