Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find
any evidence of compromise. During the network monitoring, he found that there were
multiple logins from different locations in a short time span. Moreover, he also observed certain
irregular login patterns from locations where the organization does not have business relations. This
suggests that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?
C
A. Unusual outbound network traffic
B. Unexpected patching of systems
C. Unusual activity through privileged user account
D. Geographical anomalies
Correct answer is D.
Geographical anomalies: Irregular login patterns can be used as evidence of compromise. Login attempts from locations where the organization does not have business relations suggest that confidential information is being stolen. Analyzing multiple logins from different locations in a short time span, tagged with the location, may reveal evidence of compromise.