SY0-701 • Practice Test 22
Free SY0-701 practice test — 15 questions with explanations. Set 22. No signup required.
A SOC analyst receives a SIEM alert for a possible brute-force attack against a remote access portal. The alert shows 240 failed logins from the same source IP over 4 minutes, followed by one successful login. Before escalating as an incident, what is the BEST evidence to check to determine whether the alert is a false positive caused by approved activity?