A company has noticed unusual activity on their network and has started an investigation. As a security analyst, you are reviewing logs from various endpoints to identify the source of the activity. Which of the following log entries would likely indicate a security incident in progress?
Repeated login failures from a single source, followed by a successful login to an administrative account.
Scheduled system updates being applied outside of office hours.
Periodic security scanning by the in-house vulnerability management tool.
A single successful login to a user account during working hours.