John is investigating a situation where an internal user’s PC has been hacked by another internal user in the organization. Which of the following locations should he check to determine the source of the attack?
  A. The firewall’s logs
  B. Audit logs of the user who has attacked
  C. Domain controller’s logs
  D. Audit logs of the user who has been attacked
Explanation
Answer: D - To find out the source of the attack, go through the audit logs on the computer which has been attacked.

Key Takeaway: Audit logging events can help you monitor your computer or network and prevent a successful attack. It can also prove very useful in determining how and when an attack occurred if you use the logs as forensic evidence. To enable audit logging in Windows, click Start, click All Programs, click Administrative Tools, select Local Security Policy, and click on the + next to Local Policies and select Audit Policy.