Which of the following situations would be the MOST concern to a security manager?
A.
Audit logs are not enabled on a production server
B.
The logon ID for a terminated systems analyst still exists on the system
C.
The help desk has received numerous results of users receiving phishing e-mails
D.
A Trojan was found to be installed on a system administrator’s laptop
Explanation:
The discovery of a Trojan installed on a system’s administrator’s laptop is highly significant since
this may mean that privileged user accounts and passwords may have been compromised. The
other choices, although important, do not pose as immediate or as critical a threat.