Unauthorized Login Attempts: What to Do Next | CompTIA A+ Core 2 Exam

Next Steps for Unusual User Login Activity

Question

A network administrator has noticed unusual activity with a user's login credentials on the network.

The user is attempting multiple simultaneous logins across the network, some of which are attempting to access workstations and servers to which the user does not have access.

Which of the following should the network administrator do NEXT?

Answers

Explanations


A. B. C. D.

C.

In this scenario, the network administrator has noticed unusual activity with a user's login credentials on the network. The user is attempting multiple simultaneous logins across the network, some of which are attempting to access workstations and servers to which the user does not have access.

The next step for the network administrator would be to take immediate action to prevent any further unauthorized access to the network resources.

Option A, deleting the user's AD account, is a drastic measure that should only be taken as a last resort. It would completely remove the user from the network and could result in data loss and other issues.

Option B, decreasing the user's AD privileges, is a more appropriate response. This would limit the user's access to certain resources on the network, which could prevent further unauthorized access. However, this may not be sufficient if the user's credentials have already been compromised.

Option C, disabling the user's AD account, is a reasonable response. Disabling the account would prevent the user from logging in and accessing any network resources until the issue has been resolved. This would allow the network administrator to investigate and determine the extent of the problem.

Option D, resetting the password on the user's AD account, is also a reasonable response. This would prevent the user from accessing the network with their current credentials, which may have been compromised. However, if the attacker has already obtained the new password, this option would be ineffective.

In conclusion, the best course of action in this scenario would be to disable the user's AD account and then investigate the issue further to determine the extent of the problem and take appropriate measures to prevent it from happening again in the future.
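
The disable-then-investigate sequence described above, as an added PowerShell example that is not part of the original page. The account name `jdoe` and the 24-hour window are placeholders, and the script assumes the ActiveDirectory module (RSAT) plus rights to read the Security log on the domain controllers.

```powershell
# Added example: contain the account first, then gather evidence.
Import-Module ActiveDirectory

$Sam   = 'jdoe'                     # placeholder sAMAccountName (assumption)
$Since = (Get-Date).AddHours(-24)   # assumed investigation window

# 1. Containment: disable rather than delete, so the object, its SID and
#    its group memberships survive for the investigation and later re-enable.
Disable-ADAccount -Identity $Sam
Get-ADUser -Identity $Sam -Properties Enabled, LockedOut, LastLogonDate, PasswordLastSet |
    Select-Object SamAccountName, Enabled, LockedOut, LastLogonDate, PasswordLastSet

# 2. Investigation: pull this user's authentication events from every DC.
#    4768 = Kerberos TGT requested, 4771 = Kerberos pre-authentication failed,
#    4776 = NTLM credential validation.
$filter = @{ LogName = 'Security'; Id = 4768, 4771, 4776; StartTime = $Since }
$hits = foreach ($dc in Get-ADDomainController -Filter *) {
    $events = Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # EventData is a list of name/value pairs in the event XML.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['TargetUserName'] -ne $Sam) { continue }

        [pscustomobject]@{
            Time   = $e.TimeCreated
            DC     = $dc.HostName
            Id     = $e.Id
            # Kerberos events carry IpAddress; 4776 carries Workstation instead.
            Source = if ($data['IpAddress']) { $data['IpAddress'] } else { $data['Workstation'] }
            Status = $data['Status']
        }
    }
}

# 3. Summarize by source so attempts arriving from many hosts at once stand out.
$hits | Group-Object Source | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'EventIds'; e = { ($_.Group.Id | Sort-Object -Unique) -join ',' } },
        @{ n = 'First';    e = { ($_.Group.Time | Measure-Object -Minimum).Minimum } },
        @{ n = 'Last';     e = { ($_.Group.Time | Measure-Object -Maximum).Maximum } }
```

Events for attempts against individual workstations and member servers (for example 4625 failed logons) are recorded on those hosts, not on the domain controllers, so they need to be collected separately.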