An analyst is reviewing the login activity of a recently terminated employee's user account. The analyst notices multiple authentication attempts from a foreign country only hours after the employee's departure. What is the BEST explanation for this anomaly?
The network is experiencing a distributed denial-of-service attack.
The employee's credentials have been compromised.
There is a hardware failure causing erroneous reporting of login locations.
The company is under a social engineering attack targeting former employees.
The best explanation for this anomaly is that the terminated employee's credentials have likely been compromised. Since the login attempts are occurring from a foreign country shortly after the employee's departure, it's improbable that they would be traveling there and trying to access the company's systems. The other options do not align as closely with the scenario provided, as social engineering and hardware failure would not explain login attempts from a foreign location, and a distributed denial-of-service attack does not relate directly to unauthorized access to a user account.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the common ways that user credentials can be compromised?
Open an interactive chat with Bash
How can companies protect against the unauthorized access following an employee's termination?
Open an interactive chat with Bash
What steps should be taken to investigate potentially compromised credentials?