EC-Council
312-39 · Question #61
312-39 Question #61: Real Exam Question with Answer & Explanation
Sign in or unlock 312-39 to reveal the answer and full explanation for question #61. The question stem and answer options stay visible for context.
Question
A SOC analyst monitoring authentication logs detects a sudden and significant spike in failed login attempts targeting multiple critical servers during non-business hours. These repeated authentication failures are abnormal compared to typical login activity. All attempts originate from a single external IP address, indicating a targeted attack rather than random scanning. Some login attempts use legitimate employee usernames, suggesting credential stuffing using previously compromised credentials or an ongoing brute-force attempt. Given this suspicious activity and its potential to escalate into unauthorized access, what is the appropriate next step in the threat- hunting process to assess the situation further?
Options
- ARapid response
- BContinuous improvement
- CEstablish a baseline
- DInvestigate and analyze
Unlock 312-39 to see the answer
You've previewed enough free 312-39 questions. Unlock 312-39 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.