Logical Operations Exam CFR-210 Topic 5 Question 72 Discussion

Actual exam question for Logical Operations's CFR-210 exam

Question #: 72
Topic #: 5

The incident response team needs to track which user last connected to a specific Windows domain controller. Which of the following is the BEST way to identify that specific user?

ACheck Systems Event Log on the user's computer

BCheck Systems Event Log on the domain controller

CCheck Security Log on the user's computer

DCheck SecurityLog on the domain controller

Show Suggested Answer

Suggested Answer: A

by Lonna at Sep 11, 2024, 12:52 PM

Limited Time Offer

25%

Off

Get Premium CFR-210 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Otis

1 hours ago

I'm going with option D. Checking the Security Log on the domain controller is the best way to get the information we need. This is an incident response scenario, after all.

upvoted 0 times

...

Mike

3 days ago

I believe checking the Systems Event Log on the domain controller could also be helpful in identifying the specific user.

upvoted 0 times

...

Merilyn

4 days ago

The Security Log on the domain controller seems like the most logical choice to track the user's last connection. That's where the domain activity is recorded, right?

upvoted 0 times

...

Genevive

4 days ago

I agree with Taryn, checking the Security Log on the domain controller would provide the most accurate information.

upvoted 0 times

...

Taryn

12 days ago

I think the best way is to check the Security Log on the domain controller.

upvoted 0 times

...