Certified in Risk and Information Systems Control (CRISC) — Question 469

An organization has been notified that a disgruntled, terminated IT administrator has tried to break into the corporate network. Which of the following discoveries should be of GREATEST concern to the organization?

Answer options

• A. A brute force attack has been detected
• B. An external vulnerability scan has been detected
• C. An increase in support requests has been observed
• D. Authentication logs have been disabled

Correct answer: D

Explanation

The disabling of authentication logs (D) is the most concerning because it hampers the organization's ability to track unauthorized access attempts and security breaches. A brute force attack (A) and an external vulnerability scan (B) are significant, but they can be monitored. An increase in support requests (C) may indicate various issues, but it is less critical than losing log data.