A database was compromised by guessing the password for a shared administrative account and confidential
customer information was stolen. The information security manager was able to detect this breach by analyzing
which of the following?
A.
Invalid logon attempts
B.
Write access violations
C.
Concurrent logons
D.
Firewall logs
Explanation:
Since the password for the shared administrative account was obtained through guessing, it is probable that there were multiple unsuccessful logon attempts before the correct password was deduced. Searching the logs for invalid logon attempts could, therefore, lead to the discovery of this unauthorized activity. Because the account is shared, reviewing the logs for concurrent logons would not reveal unauthorized activity since concurrent usage is common in this situation. Write access violations would not necessarily be observed since the information was merely copied and not altered. Firewall logs would not necessarily contain information regarding logon attempts.