
GCIH · Question #418

GCIH Question #418: Real Exam Question with Answer & Explanation

The correct answer is A: Initiate the Containment phase of the Incident Handling process. See the full explanation below for the reasoning.

Question

You are a member of your organization's security team. A new ticket just came into your service desk and was escalated to you. One of the system administrators noticed the following entry in a Windows Server 2008 R2 file server Security event log:

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          2/1/2012 2:24:07 AM
    Event ID:      4674
    Task Category: Sensitive Privilege Use
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      somehost.somecompany.com
    Description:
    An operation was attempted on a privileged object.

    Subject:
        Security ID:    LOCAL SERVICE
        Account Name:   LOCAL SERVICE
        Account Domain: NT AUTHORITY
        Logon ID:       0x3e5

    Object:
        Object Server:  LSA
        Object Type:
        Object Name:
        Object Handle:  0x0

    Process Information:
        Process ID:     0x1d8
        Process Name:   C:\Windows\System32\Isass.exe

    Requested Operation:
        Desired Access: 16777216
        Privileges:     SeSecurityPrivilege

What is your next step?

Options

  • A. Initiate the Containment phase of the Incident Handling process
  • B. Search Microsoft's TechNet to find out if this is a normal Windows Security event
  • C. Disable the trusted account status of the Local Service account
  • D. Request that all audit failure log entries be forwarded to you

Community Discussion

No community discussion yet for this question.
