After a security incident, a forensic analyst needs to review the event logs on a Windows 10 system to determine when a specific user account was created. The logs are intact. Which Windows security setting must be enabled to ensure that account creation events are recorded?
Trap 1: Enable 'Audit Logon Events' in Local Security Policy.
This audits logon attempts, not account creation.
Trap 2: Turn on 'File and Printer Sharing' in Network and Sharing Center.
This is unrelated to event logging.
Trap 3: Configure Windows Defender to scan for new accounts.
Windows Defender does not log account creation events.
- A
Enable 'Audit Logon Events' in Local Security Policy.
Why wrong: This audits logon attempts, not account creation.
- B
Enable 'Audit Account Management' in Advanced Audit Policy.
This setting specifically logs account creation, modification, and deletion events.
- C
Turn on 'File and Printer Sharing' in Network and Sharing Center.
Why wrong: This is unrelated to event logging.
- D
Configure Windows Defender to scan for new accounts.
Why wrong: Windows Defender does not log account creation events.