GIAC
GCIH · Question #402
A SOC analyst is reviewing event logs from several network devices across the enterprise and notices that there are an abnormally high number of logon attempts across the desktop systems for several u
Sign in or unlock GCIH to reveal the answer and full explanation for question #402. The question stem and answer options stay visible for context.
Incident Response & Cyber Kill Chain
Question
A SOC analyst is reviewing event logs from several network devices across the enterprise and notices that there are an abnormally high number of logon attempts across the desktop systems for several user IDs. What should the analyst do next?
Options
- AThe desktop teams should be notified to suspend the accounts of the users and reissue new
- BAn IDS signature should be deployed to monitor the user's logon attempts and alert the SOC of
- CEach device should be examined for any successful logon attempts within the past 24 hours.
- DAn event ticket should be created and escalated to the security team to investigate the attempts.
Unlock GCIH to see the answer
You've previewed enough free GCIH questions. Unlock GCIH for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#SOC analysis#brute force detection#log review#incident escalation