You are a system administrator at a company with many Windows OS based servers. Your monitoring system has triggered an alert due to a single users many failed login attempts from a single user on various servers ranging from file servers, to web servers and various others. What should you do next?
The first action should disable the user account so that the issue can be further investigated safely. You should not change or delete anything else, like deleting the account or disabling the servers yet as the login attempts are not succeeding. Only disabling the user account's ability to login would not prevent any existing authenticated sessions from accessing resources and is a less safe option given the possibility of a security breach in progress.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is disabling the user account the safest first step in this situation?
Open an interactive chat with Bash
How do failed login attempts indicate a potential security breach?
Open an interactive chat with Bash
What should you do after disabling the user account?
Open an interactive chat with Bash
CompTIA A+ 220-1102 (V14)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .