Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?

exams

2 years ago

During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations.

Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?
A . User behavior analytics
B. Dump files
C. Bandwidth monitors
D. Protocol analyzer output

Answer: A

Explanation:

User behavior analytics (UBA) would be the best data source to assess the accounts impacted by the attack, as it can identify abnormal activity, such as repeated brute-force attacks and logins from unfamiliar geographic locations, and provide insights into the behavior of the impacted accounts.

References: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 7: Incident Response, pp. 338-341

Latest SY0-601 Dumps Valid Version with 396 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SY0-601 PDF SY0-601 Questions Online Training