Unauthorized Access Attempt by Disgruntled IT Administrator: CRISC Exam Preparation

The Greatest Concern: Unauthorized Network Breach Attempts by a Terminated IT Administrator


Question

An organization has been notified that a disgruntled, terminated IT administrator has tried to break into the corporate network.

Which of the following discoveries should be of GREATEST concern to the organization?

Answers

Explanations


A. B. C. D.

D.

In the given scenario, a disgruntled, terminated IT administrator has attempted to break into the corporate network. This indicates a serious security breach that requires immediate attention and action from the organization. The organization needs to identify and address the specific nature of the breach to prevent further damage.

Out of the given options, the discovery that should be of the greatest concern to the organization is the authentication logs being disabled (Option D). Authentication logs are essential for tracking user access to the network, including successful and failed attempts. They provide a record of who accessed the system, when, and from where, which helps identify potential security breaches and track any unauthorized access.

If authentication logs have been disabled, it becomes challenging to identify who is accessing the network, which increases the risk of unauthorized access and malicious activities. It also hinders the organization's ability to investigate the breach, determine the scope of the damage, and take corrective action.

A brute force attack (Option A) is an attempt to gain unauthorized access by trying multiple password or passphrase combinations. While this type of attack can cause damage, it is not as concerning as authentication logs being disabled.

An external vulnerability scan (Option B) is a method of identifying potential weaknesses in the organization's network, systems, or applications that an attacker could exploit. While it is essential to detect and address vulnerabilities, it is not as urgent as disabled authentication logs.

An increase in support requests (Option C) could indicate potential issues, but it is not necessarily an indicator of a security breach. It could be due to other factors such as a new software release, system maintenance, or other operational issues.

In conclusion, the discovery of authentication logs being disabled is the most concerning out of the given options. The organization should investigate this issue immediately, identify the extent of the damage, and take corrective action to prevent further breaches.