Computer Hacking Forensic Investigator (CHFI v10) — Question 39

Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company's domain controller goes down. From which system would you begin your investigation?

Answer options

Correct answer: C

Explanation

The SIEM (Security Information and Event Management) system aggregates logs and events from various sources, including the Domain Controller. Investigating the SIEM first can provide insight into what happened prior to the outage and may reveal any underlying issues or attacks. Other options, such as the Domain Controller itself, would not provide useful information, since the Domain Controller is the system that is down.