Posted by: Pdfprep
Post Date: May 21, 2021
A security analyst is determining the point of compromise after a company was hacked. The analyst checks the server logs and sees that a user account was logged in at night, and several large compressed files were exfiltrated. The analyst then discovers the user last logged in four years ago and was terminated.
Which of the following should the security analyst recommend to prevent this type of attack in the future?
(Choose two.)
A . Review and update the firewall settings
B . Restrict the compromised user account
C . Disable all user accounts that are not logged in to for 180 days
D . Enable a login banner prohibiting unauthorized use
E . Perform an audit of all company user accounts
F . Create a honeypot to catch the hacker
Answer: BE
Leave a Reply