Logical Operations Exam CFR-210 Topic 5 Question 72 Discussion

Actual exam question for Logical Operations's CFR-210 exam

Question #: 72
Topic #: 5

The incident response team needs to track which user last connected to a specific Windows domain controller. Which of the following is the BEST way to identify that specific user?

ACheck Systems Event Log on the user's computer

BCheck Systems Event Log on the domain controller

CCheck Security Log on the user's computer

DCheck SecurityLog on the domain controller

Show Suggested Answer

Suggested Answer: A

by Lonna at Sep 11, 2024, 12:52 PM

Limited Time Offer

25%

Off

Get Premium CFR-210 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Theola

6 days ago

Haha, good luck trying to check the user's computer event logs. That's just going to lead you on a wild goose chase. Domain controller logs all the way!

upvoted 0 times

...

Otis

9 days ago

I'm going with option D. Checking the Security Log on the domain controller is the best way to get the information we need. This is an incident response scenario, after all.

upvoted 0 times

...

Mike

12 days ago

I believe checking the Systems Event Log on the domain controller could also be helpful in identifying the specific user.

upvoted 0 times

...

Merilyn

13 days ago

The Security Log on the domain controller seems like the most logical choice to track the user's last connection. That's where the domain activity is recorded, right?

upvoted 0 times

...

Genevive

13 days ago

I agree with Taryn, checking the Security Log on the domain controller would provide the most accurate information.

upvoted 0 times

...

Taryn

21 days ago

I think the best way is to check the Security Log on the domain controller.

upvoted 0 times

...