PrepAway - Latest Free Exam Questions & Answers

What would be of GREATEST concern if discovered during a forensic investigation?

A technical lead who was working on a major project has left the organization. The project
manager reports suspicious system activities on one of the servers that is accessible to the whole
team. What would be of GREATEST concern if discovered during a forensic investigation?

A. Audit logs are not enabled for the system

B. A logon ID for the technical lead still exists

C. Spyware is installed on the system

D. A Trojan is installed on the system

Explanation:

Audit logs are critical to the investigation of the event; if they are not enabled, however, misuse of the
logon ID of the technical lead and of the guest account could not be established. The logon ID of the
technical lead should have been deleted as soon as the employee left the organization but,
without audit logs, misuse of the ID is difficult to prove. Spyware installed on the system is a
concern but could have been installed by any user and, again, without logs,
discovering who installed the spyware is difficult. A Trojan installed on the system is a concern, but
it could have been installed by any user, since the server is accessible to the whole group, and, without logs,
investigation would be difficult.

