An administrator is investigating an incident where an unauthorized user gained access to a server
and modified HR files. The administrator has a tested theory as to how the user accomplished
this. Which of the following actions should the administrator take NEXT?
A.
Perform a root cause analysis.
B.
Implement a change to the servers.
C.
Establish a plan of action to resolve the issue.
D.
Question users prior to implementing the solution.