CompTIA CySA+ (CS0-002) — Question 255
A security analyst is reviewing the event logs on an air-gapped workstation. The analyst knows the system is used regularly for classified work. Additionally, the analyst knows multiple users locked themselves out and required a password reset. When reviewing the logs, the security analyst is surprised to see that these incidents were not recorded in the logs. Which of the following is the best remediation for this issue?
Answer options
- A. Modify the local group policy to use advanced logging.
- B. Install third-party software to log the events remotely.
- C. Require users to log a trouble ticket when failures occur.
- D. Ensure the analyst has the correct permissions to view the logs.
Correct answer: A
Explanation
The correct answer is A: modifying the local group policy to enable advanced logging ensures that critical events, such as password resets, are properly recorded in the logs. Option B is not suitable because the workstation is air-gapped and cannot use remote logging solutions. Option C does not resolve the logging issue itself. Option D may not be relevant, because viewing permissions do not matter if the logging configuration itself is incorrect.