You are a system administrator at a company with many Windows-based servers. Your monitoring system has triggered an alert because a single user has had many failed login attempts on various servers, ranging from file servers to web servers and others. What should you do next?
The first action should be to disable the user account so that the issue can be investigated safely. You should not change or delete anything else yet, such as deleting the account or disabling the servers, as the login attempts are not succeeding. Only disabling the user account's ability to log in would not prevent any existing authenticated sessions from accessing resources and is a less safe option given the possibility of a security breach in progress.