A security analyst is determining the point of compromise after a company was hacked. The analyst checks the server logs and sees that a user account was logged in at night, and several large compressed files were exfiltrated. The analyst then discovers the user last logged in four years ago and was terminated. Which of the following should the security analyst recommend to prevent this type of attack in the future? (Choose two.)
A) Review and update the firewall settings
B) Restrict the compromised user account
C) Disable all user accounts that are not logged in to for 180 days
D) Enable a login banner prohibiting unauthorized use
E) Perform an audit of all company user accounts
F) Create a honeypot to catch the hacker
Correct Answer:
Verified
Q1080: An incident responder is preparing to acquire
Q1081: An administrator is disposing of media that
Q1082: A root cause analysis reveals that a
Q1083: A security analyst has been asked to
Q1084: A company notices that at 10 a.m.
Q1086: As a security measure, an organization has
Q1087: A systems administrator is implementing a remote
Q1088: An organization is setting up a satellite
Q1089: The IT department's on-site developer has been
Q1090: An email recipient is unable to open
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents