A security analyst is reviewing application logs and notices entries indicating the creation of multiple new user accounts late at night, which is unusual for this organization. Which of the following should the analyst investigate to confirm if this activity is malicious?
Check for signs of unauthorized system access or intrusion
Scan the system for known malware signatures
Monitor network traffic for anomalies
Verify with the system owner or administrator about the authorization of new accounts