CS0-003 Security Operations • Set 9
CS0-003 Security Operations Practice Test 9 — 15 questions with explanations. Free, no signup.
A security analyst is reviewing a SIEM alert that triggered on a single failed login attempt from an internal IP address. The username used does not exist in Active Directory. The analyst checks the source IP and finds it belongs to a known vulnerability scanner. What classification should the analyst assign to this alert?