After normal business hours, an administrator notices an abnormal pattern of login failures affecting several high-privilege accounts. The source of these attempts shifts methodically across a range of network addresses. Which characteristic of these security events should the administrator prioritize for further investigation?
Repeated login failures pointing to a potential configuration error.
An issue with the authentication service failing to validate credentials.
The high-privilege account lockouts due to suspected user error.
The methodical shift across a range of network addresses indicating automation.
The methodical shift across a range of network addresses from which the login failures originate is a strong indicator of automation, commonly seen in attack patterns like credential stuffing. Attackers often use large sets of compromised username and password pairs against various user accounts to find matches. This pattern is less likely to be caused by user error, which would typically not exhibit such precise changes in source location or focus specifically on high-privilege accounts. Likewise, a configuration error or an issue with the authentication service would be unlikely to produce systematic login attempts from changing network locations.