CS0-003 Security Operations • Set 2
CS0-003 Security Operations Practice Test 2 — 15 questions with explanations. Free, no signup.
A security analyst reviews a SIEM alert that fired when a user successfully logged into a server from a remote IP address at 3 AM. The user is a system administrator who often works late. What is the most appropriate initial classification of this alert?