A SOC analyst notices repeated failed login attempts from a foreign IP address followed by a successful login to a privileged account. What is the most appropriate next step?
A. Reset the affected user’s password and investigate the scope of compromise.
B. Block all foreign IP addresses from accessing the network.
C. Run a full vulnerability scan of the corporate network.
The CCST Cybersecurity course highlights that signs of brute-force attacks followed by successful access require immediate account security actions and an investigation to determine if other systems were accessed.
"When suspicious login activity is detected, immediate containment steps such as password resets and log analysis are necessary to limit damage and identify the extent of the compromise."