CV0-004 · Question #329
CV0-004 Question #329: Real Exam Question with Answer & Explanation
Sign in or unlock CV0-004 to reveal the answer and full explanation for question #329. The question stem and answer options stay visible for context.
Question
A company's cybersecurity team receives the following alert that a production VM was deleted from the virtual network: 21 September 09:19:08 (GMT-5) Resource with ID: PROD-WEB001 was deleted by User: Logging Service The console to manage virtual network resources uses directory authentication. Only users in a particular directory group can interactively access the virtual network management console. The logging service account is not part of this group and requires some local administration privileges to aggregate logs from various resources. The cybersecurity team discovers that the logging service account was previously given full directory administration privileges and they see the following entry: 21 September 09:10:55 (GMT-5) User with ID: Logging Service was added to the Group: VNet Console Administrators by actor: Logging Service. The cybersecurity team removes the compromised service account from the directory group. Which of the following should the cybersecurity team do next to prevent repeat instances of this issue?
Options
- AEnable two-factor authentication on the virtual network console.
- BReset the logging service account to use a long and complex password.
- CDisable RDP on the production virtual machines.
- DCreate a scoped administrative role for the logging service account.
Unlock CV0-004 to see the answer
You've previewed enough free CV0-004 questions. Unlock CV0-004 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.