As an incident responder, you are tasked with investigating an alert that indicates possible unauthorized access to a server. Upon reviewing the server's logs, you notice numerous failed login attempts followed by a successful login at an unusual time of night. What type of activity is MOST likely being logged, and which security control should be assessed for potential improvement?
The successful login at an unusual time suggests the need for tighter egress filtering controls.
The logs indicate a brute-force attack; the account lockout policy should be reassessed.
This pattern of activity in the logs suggests a possible insider threat, and user retraining is necessary.
This logging pattern is typical during a system update, and scheduled maintenance procedures should be reviewed.