A security analyst is reviewing application logs and notices entries indicating the creation of multiple new user accounts late at night, which is unusual for this organization. Which of the following should the analyst investigate to confirm if this activity is malicious?
Check for signs of unauthorized system access or intrusion
Monitor network traffic for anomalies
Scan the system for known malware signatures
Verify with the system owner or administrator about the authorization of new accounts
The correct answer is verifying with the system owner or administrator about the authorization of new accounts. This step ensures that there is a legitimate reason for the account creation, and if the accounts are unauthorized, further investigation is needed. Checking system for signs of intrusion, monitoring network traffic for anomalies, and scanning for known malware signatures are also crucial steps but are further actions depending on the outcome of the initial verification.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to verify with the system owner or administrator about new user accounts?
Open an interactive chat with Bash
What are some red flags that could indicate unauthorized account creation?
Open an interactive chat with Bash
What follow-up actions should an analyst take if unauthorized accounts are confirmed?