Which artifact is most useful for establishing who accessed a system and when?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Cybercrime Test with comprehensive coverage of real-world scenarios, various security domains, and expert techniques. Enhance your knowledge with flashcards and extensive question explanations. Ace your exam confidently!

Multiple Choice

Which artifact is most useful for establishing who accessed a system and when?

Explanation:
The main idea here is the audit trail—the record that shows who did what and when. System and application logs with event timestamps provide that trail for digital access. They log each authentication attempt, successful or failed, the user identity, the resources accessed, and the exact times those actions occurred. This makes it possible to reconstruct who accessed a system, from where, and in what order, which is essential for accountability and incident response. The timestamps help establish a precise timeline, and logs from different systems can be correlated to verify a user’s activity across the network. Other items don’t provide this access-by-time information. Employee benefits records track HR data, not system activity. Network cables indicate physical wiring or connectivity but don’t capture who accessed a system or when. Printer ink levels are unrelated to user actions within a system.

The main idea here is the audit trail—the record that shows who did what and when. System and application logs with event timestamps provide that trail for digital access. They log each authentication attempt, successful or failed, the user identity, the resources accessed, and the exact times those actions occurred. This makes it possible to reconstruct who accessed a system, from where, and in what order, which is essential for accountability and incident response. The timestamps help establish a precise timeline, and logs from different systems can be correlated to verify a user’s activity across the network.

Other items don’t provide this access-by-time information. Employee benefits records track HR data, not system activity. Network cables indicate physical wiring or connectivity but don’t capture who accessed a system or when. Printer ink levels are unrelated to user actions within a system.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy