CompTIA CySA+ CS0-003 Practice Question
During a routine review, a security analyst observes large data transfers occurring outside of business hours from a high-level executive's account to an unknown external server. The executive usually accesses sensitive financial records during standard business hours. Which of the following actions should the analyst investigate as a priority to determine if this is an incident?
Check the integrity of backup files for possible corruption
Examine the firewall rules for any recent changes
Verify if the executive was actually responsible for the transfers
Immediately change the executive account's password