CompTIA Security+ Question F-30

Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?

A. Routine log audits
B. Job rotation
C. Risk likelihood assessment
D. Separation of duties

Answer: A

When a new user account is created, an entry is added to the Event Logs. By routinely auditing the event logs, you would know that an account has been created.