CompTIA Security+ SY0-701 Practice Question

During a review of system logs, a security analyst notices an increase in log entries off-hours for a service account. This account is associated with a third-party vendor's update process, which runs monthly maintenance. Which of the following actions should the analyst undertake FIRST to determine if these out-of-cycle log entries are of concern?

  • Physically inspect the system where the service account credentials are stored to check for tampering.

  • Correlate the log entries with user badge access records to establish a pattern of physical access during off-hours.

  • Investigate the identity and access management policy for potential unauthorized modifications concerning service accounts.

  • Analyze the log entries to identify the types of operations performed and if they deviate from known patterns.

  • Validate the log entries against the third-party vendor's documented update schedule.

  • Conduct a user interview to discuss the actions the third-party vendor has performed during the off-hours.

CompTIA Security+ SY0-701
Threats, Vulnerabilities, and Mitigations
Your Score:
Settings & Objectives

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot
AI Bot