Computer Hacking Forensic Investigator (CHFI) — Question 86
Company ABC has deployed a firewall, an IDS, antivirus, a domain controller, and a SIEM. The company's domain controller goes down. From which system would you begin your investigation?
Answer options
- A. Domain Controller
- B. Firewall
- C. SIEM
- D. IDS
Correct answer: C
Explanation
The SIEM (Security Information and Event Management) system aggregates logs and alerts from various sources, including the Domain Controller. Investigating the SIEM will provide insights into any anomalies or issues that occurred before or during the Domain Controller's failure. The other systems may not contain relevant information about the events leading to this incident.