CompTIA CySA+ (CS0-001) — Question 87

A security incident has been created after noticing unusual behavior from a Windows domain controller. The server administrator has discovered that a user logged in to the server with elevated permissions, but the user's account does not follow the standard corporate naming scheme. There are also several other accounts in the administrators group that do not follow this naming scheme. Which of the following is the possible cause for this behavior and the BEST remediation step?

Answer options

• A. The Windows Active Directory domain controller has not completed synchronization, and should force the domain controller to sync.
• B. The server has been compromised and should be removed from the network and cleaned before reintroducing it to the network.
• C. The server administrator created user accounts cloning the wrong user ID, and the accounts should be removed from administrators and placed in an employee group.
• D. The naming scheme allows for too many variations, and the account naming convention should be updates to enforce organizational policies.

Correct answer: D

Explanation

The correct answer is D because allowing too many variations in account names can lead to security vulnerabilities, as seen in this scenario. Options A and B do not address the root cause of the naming issue, while option C suggests an administrative error rather than a systemic problem with naming conventions.