A security analyst is reviewing application logs and notices entries indicating the creation of multiple new user accounts late at night, which is unusual for this organization. Which of the following should the analyst investigate to confirm if this activity is malicious?
Monitor network traffic for anomalies
Scan the system for known malware signatures
Verify with the system owner or administrator about the authorization of new accounts
Check for signs of unauthorized system access or intrusion
The correct answer is verifying with the system owner or administrator about the authorization of new accounts. This step establishes whether there is a legitimate reason for the account creation; if the accounts are unauthorized, further investigation is needed. Checking the system for signs of intrusion, monitoring network traffic for anomalies, and scanning for known malware signatures are also crucial steps, but they are follow-up actions that depend on the outcome of the initial verification.