Free CompTIA Security+ SY0-601 Practice Question

Upon reviewing the SIEM trends, an analyst observes a pattern of increased login failures on the organization's web portal every night at 3 AM. There is no known maintenance or legitimate activity scheduled at this time. Which of the following would be the most appropriate immediate action for the analyst to undertake?

  • Review the relevant log files for IP addresses, user accounts involved, and potential payload in the requests

  • Inform the legal department of a potential breach due to the regular login failures

  • Immediately update the IDS/IPS signatures to block the IP addresses associated with the login failures

  • Implement a CAPTCHA mechanism on the login page to deter automated login attempts

This question's topic: CompTIA Security+ SY0-601 / Operations and Incident Response