Skip to main content

A SecOps analyst receives an alert from the SIEM indicating multiple failed login attempts from an external IP address targeting administrative accounts. What is the first step in the incident response process?

This is a free preview. Create an account to access all 344 questions.