A security analyst is reviewing server logs and notices a high volume of failed login attempts for a single administrative account, all originating from the same IP address. Which of the following subsequent log entries would be the strongest indicator that a brute-force attack was successful?
Continued failed login attempts for different usernames from the same IP address.
An 'account locked' event for the targeted account.
Successful logins for other user accounts from different IP addresses.
A successful login for the targeted account from the same IP address.
The correct answer identifies the pattern that confirms a successful compromise. A series of failed login attempts followed by a successful login from the same source is a classic indicator of a successful brute-force attack. An account lockout event indicates that a security control successfully thwarted the attack, not that the system was compromised. Continued failed attempts for different usernames suggest a password spraying attack is ongoing, but it does not confirm a successful breach. Successful logins for other users from different locations are likely normal activity and unrelated to the specific attack being investigated.
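The distinctions drawn in the explanation can be expressed as detection logic. The following is an added example, not part of the original question; the event tuple format, the thresholds and the verdict names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

FAIL_THRESHOLD = 5   # assumed: failures before a streak counts as brute force
SPRAY_USERS = 3      # assumed: distinct usernames failed from one IP

# Constructed sample events in time order: (source_ip, username, outcome).
SAMPLE_EVENTS = (
    [("203.0.113.7", "admin", "fail")] * 6
    + [("203.0.113.7", "admin", "success")]          # failures, then success
    + [("198.51.100.9", "root", "fail")] * 5
    + [(None, "root", "locked")]                      # control stopped the attempt
    + [("192.0.2.44", u, "fail") for u in ("alice", "bob", "carol")]
    + [("192.0.2.80", "dave", "success")]             # ordinary login
)

def classify(events, threshold=FAIL_THRESHOLD, spray_users=SPRAY_USERS):
    """Map (ip, user) to a verdict for the patterns the explanation distinguishes."""
    streak = defaultdict(int)        # (ip, user) -> failures since last success/lockout
    failed_users = defaultdict(set)  # ip -> usernames it has failed against
    verdicts = {}
    for ip, user, outcome in events:
        if outcome == "fail":
            streak[(ip, user)] += 1
            failed_users[ip].add(user)
            if len(failed_users[ip]) >= spray_users:
                verdicts[(ip, "*")] = "possible_password_spraying"
        elif outcome == "success":
            # Same source, same account, success right after a long failure streak.
            if streak[(ip, user)] >= threshold:
                verdicts[(ip, user)] = "likely_successful_brute_force"
            streak[(ip, user)] = 0
        elif outcome == "locked":
            # Lockout events usually name only the account; attribute the lockout
            # to every source whose streak against it reached the threshold.
            for (src, target), count in list(streak.items()):
                if target == user and count >= threshold:
                    verdicts[(src, user)] = "attack_stopped_by_lockout"
                    streak[(src, target)] = 0
    return verdicts

if __name__ == "__main__":
    for key, verdict in classify(SAMPLE_EVENTS).items():
        print(key, verdict)
```
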