One morning an employee complains that he cannot logon to the domain because his user account is locked out. You unlock his account in Active Directory Users and the Computers snap-in. The next day he is complaining that his account is locked out again. You suspect that an attacker is attempting to crack the his password. Which of the following should you do to verify this?
Explanation
Answer - C - To fix this issue, you should search for security events in the event logs of all domain controllers in all sites.
Key Takeaway: The Event Viewer displays event log data. Security log events include failed or successful logon attempts, creating, opening or deleting files, changing properties or permissions on user accounts and groups, and so on. Domain user accounts are stored in an Active Directory domain. Active Directory is deployed on each domain controller and domain user accounts are replicated throughout a domain.
