An analyst is reviewing application logs to identify unauthorized access to confidential files. Which of the following BEST indicates an incident that requires immediate investigation?
Repeated application time-outs during peak business hours.
Multiple failed login attempts followed by a successful login in a short time frame.
A single failed login attempt from a known user's IP address.
Frequent connection errors to the database server from an application's service account.
An unauthorized user attempting to access confidential files can be detected through application logs by the presence of multiple failed login attempts followed by a successful login, especially if the timestamps of these events suggest that they occurred in rapid succession. This could imply a brute force attack or the compromise of legitimate credentials. It's essential to investigate such anomalies to prevent potential data breaches. Repeated timeouts suggest a denial of service condition but don't necessarily indicate unauthorized file access, while connection errors and single login failures are common and might not represent security incidents.
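The pattern described in the explanation can be checked mechanically. The following is an added example, not part of the original question: it flags a successful login that follows several failures for the same account within a short window. The log format, field names, event names and thresholds are assumptions, the sample lines are constructed, and the log is assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; the format is an assumption, not a real product's.
SAMPLE_LOG = """\
2024-05-01T09:00:01 LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T09:00:03 LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T09:00:05 LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T09:00:08 LOGIN_FAILED user=alice src=203.0.113.7
2024-05-01T09:00:11 LOGIN_OK user=alice src=203.0.113.7
2024-05-01T09:05:00 LOGIN_FAILED user=bob src=198.51.100.20
2024-05-01T09:05:30 LOGIN_OK user=bob src=198.51.100.20
2024-05-01T10:00:00 LOGIN_FAILED user=carol src=192.0.2.44
2024-05-01T10:00:02 LOGIN_FAILED user=carol src=192.0.2.44
2024-05-01T10:00:04 LOGIN_FAILED user=carol src=192.0.2.44
2024-05-01T11:30:00 LOGIN_OK user=carol src=192.0.2.44
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_FAILED|LOGIN_OK) user=(\S+) src=(\S+)$")

def find_suspicious_logins(log_text, min_failures=3, window=timedelta(minutes=5)):
    """Return one alert per success preceded by >= min_failures failures in window."""
    recent_failures = defaultdict(deque)  # user -> deque of (timestamp, source IP)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a login event
        ts, event, user, src = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        failures = recent_failures[user]
        # Discard failures that are older than the window relative to this event.
        while failures and ts - failures[0][0] > window:
            failures.popleft()
        if event == "LOGIN_FAILED":
            failures.append((ts, src))
            continue
        if len(failures) >= min_failures:
            alerts.append({"user": user, "success_src": src,
                           "failures": len(failures),
                           "failure_srcs": sorted({s for _, s in failures}),
                           "first_failure": failures[0][0].isoformat(),
                           "success": ts.isoformat()})
        failures.clear()  # a success ends the current failure streak

    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG):
        print(alert)
```

With the default thresholds only the alice sequence is flagged: bob's single failure is ordinary noise, and carol's failures are too far from her later success to fall inside the window.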