Which of the following has occurred?
The analyst reviews the following endpoint log entry:
Which of the following has occurred?
A . Registry change
B. Rename computer
C. New account introduced
D. Privilege escalation
Answer: C
Explanation:
The endpoint log entry shows that a new account named “admin” has been created on a Windows system with a local group membership of “Administrators”. This indicates that a new account has been introduced on the system with administrative privileges. This could be a sign of malicious activity, such as privilege escalation or backdoor creation, by an attacker who has compromised the system.
Latest CS0-003 Dumps Valid Version with 128 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
Subscribe
Login
0 Comments
Inline Feedbacks
View all comments