Domain.com has employed you as a network administrator. The Domain.com network consists of a single Active Directory domain named Domain.com. All servers on the Domain.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista.
You are responsible for managing two domain controllers named CERTKILLER-DC01 and CERTKILLER-DC02. You receive numerous complaints from other administrators attempting to log on to CERTKILLER-DC01 and CERTKILLER-DC02. You decide to determine the logon attempts on CERTKILLER-DC01 and CERTKILLER-DC02.
What should you do?
A.
You should consider checking the security tab on the domain controller computer object.
B.
You should consider accessing the Event Viewer on the Administrators workstations.
C.
You should consider checking the security log on domain controller using event viewer.
D.
You should consider checking executing the netsh/events command on the command prompt.
Explanation:
In order to identify the logon attempts on the domain controllers you need to access the Event Viewer and check the logon attempts. The Event viewer will tell you the IP address and other details of the user account which was used to logon to the domain controllers.
Correct answer is C