Exam CS0-002 topic 1 question 409 discussion

Actual exam question from CompTIA's CS0-002
Question #: 409
Topic #: 1

A security analyst is reviewing the event logs on an air-gapped workstation. The analyst knows the system is used regularly for classified work. Additionally, the analyst knows multiple users locked themselves out and required a password reset. When reviewing the logs, the security analyst is surprised to see that these incidents were not recorded in the logs. Which of the following is the best remediation for this issue?

  • A. Modify the local group policy to use advanced logging.
  • B. Install third-party software to log the events remotely.
  • C. Require users to log a trouble ticket when failures occur.
  • D. Ensure the analyst has the correct permissions to view the logs.
Suggested Answer: A

Comments

kumax
1 year, 8 months ago
Selected Answer: A
ChatGPT: A. Modify the local group policy to use advanced logging. By modifying the local group policy settings to enable advanced logging, you can capture more detailed and comprehensive event logs on the air-gapped workstation. This will help in recording incidents like user lockouts and password resets, which might not be logged with standard settings. Advanced logging can provide more visibility and ensure that critical events are properly recorded for security and auditing purposes.
upvoted 1 times
kmordalv
1 year, 8 months ago
Selected Answer: A
If the security analyst is surprised to see that these incidents were not recorded in the logs, it is not a permissions problem but rather that the events are not being recorded correctly.
upvoted 3 times
soupra
1 year, 8 months ago
Selected Answer: D
B. Incorrect as the system is air-gapped. C. Incorrect. Logging a support may also require network connection. I am split between A and D. But if I had to choose one, it would be D. Not sure if he can make group policy changes on a system handling highly confidential system. Would love others' input on this.
upvoted 1 times
soupra
1 year, 8 months ago
Upon further reflection, I am changing my answer to A.
upvoted 2 times