Answer :
The appropriate action to take when discovering a series of failed login attempts during a log review is: 1) Investigate the source of the failed login attempts.
Multiple failed login attempts could indicate a potential security threat, such as a brute force attack or unauthorized access attempt. Investigating the source helps to determine if the attempts are legitimate or malicious, assess any potential impact, and take necessary actions to secure the system.
Ignoring the attempts, deleting the logs, or restarting the server do not address the underlying issue and could leave the system vulnerable to further attacks. Investigating allows you to implement appropriate security measures and mitigate potential threats.
Final answer:
The correct action is to investigate the source of the failed login attempts to determine if they are benign or malicious, and then take appropriate actions based on the findings.
Explanation:
When encountering multiple failed login attempts during a log review, the appropriate course of action would be to investigate the source of the failed login attempts. This is important for understanding whether the activity is benign (such as a user forgetting their password) or malicious (such as an attempted security breach or a brute force attack).
The investigation should include examining the IP addresses from which the login attempts originated, the time pattern of the attempts, and if possible, any patterns in the usernames or passwords being attempted. Further actions may involve contacting the user in question if the attempts seem to be of a benign nature or escalating the issue to the cybersecurity team if the attempts look to be malicious.
Ignoring the failed login attempts, deleting the logs, or restarting the server without a proper understanding of the situation would not address the underlying issue and could potentially compromise the security of the system.
