Free CompTIA Security+ SY0-701 Practice Question
During a review of system logs, a security analyst notices an increase in log entries off-hours for a service account. This account is associated with a third-party vendor's update process, which runs monthly maintenance. Which of the following actions should the analyst undertake FIRST to determine if these out-of-cycle log entries are of concern?
Investigate the identity and access management policy for potential unauthorized modifications concerning service accounts.
Conduct a user interview to discuss the actions the third-party vendor has performed during the off-hours.
Validate the log entries against the third-party vendor's documented update schedule.
Analyze the log entries to identify the types of operations performed and if they deviate from known patterns.
Physically inspect the system where the service account credentials are stored to check for tampering.
Correlate the log entries with user badge access records to establish a pattern of physical access during off-hours.
