As an incident responder, you are tasked with investigating an alert that indicates a possible unauthorized access to a server. Upon reviewing the server's logs, you notice numerous failed login attempts followed by a successful login at an unusual time of night. What type of activity is MOST likely being logged, and which security control should be assessed for potential improvement?
This logging pattern is typical during a system update, and scheduled maintenance procedures should be reviewed.
This pattern of activity in the logs suggests a possible insider threat, and user retraining is necessary.
The successful login at an unusual time suggests the need for tighter egress filtering controls.
The logs indicate a brute-force attack; the account lockout policy should be reassessed.