CompTIA CySA+ CS0-002 – Question 123

An organization prohibits users from logging in to the administrator account. If a user requires elevated permissions, the user's account should be part of an administrator group, and the user should escalate permission only as needed and on a temporary basis. The organization has the following reporting priorities when reviewing system activity:
– Successful administrator login: reporting priority high
– Failed administrator login: reporting priority medium
– Failed temporary elevated permissions: low
– Successful temporary elevated permissions: non-reportable
A security analyst is reviewing server syslogs and sees the following:

Which of the following events is the HIGHEST reporting priority?

A. <100>2 2020-01-10T20:36:01.010Z financeserver sudo 201 32001 – BOM 'sudo vi users.txt' success
B. <100>2 2020-01-10T21:18:34.002Z adminserver sudo 201 32001 – BOM 'sudo more /etc/passwords' success
C. <100>2 2020-01-10T19:33:48.002Z webserver su 201 32001 – BOM 'su' success
D. <100>2 2020-01-10T21:53:11.002Z financeserver su 201 32001 – BOM 'su vi syslog.conf failed for joe

Correct Answer: B