Free CompTIA Security+ SY0-601 Practice Question

The correct answer is 'Use of stolen credentials due to a compromised account'. The scenario points to the likelihood that an attacker has obtained the credentials of a legitimate user and is accessing the network during off-hours to avoid detection. The pattern of repeated successful logins from a single user account outside of expected activity hours fits a compromised account scenario. 'Outdated log information' is less likely given the pattern over a month and confirmation by the account owner. 'Scheduled tasks using the user's credentials' typically would not flag anomalous access unless they were improperly configured. 'Legitimate remote work by the user' is inconsistent with the owner's statement that they did not access the systems.