SY0-701 Security Operations • Set 2
SY0-701 Security Operations Practice Test 2 — 15 questions with explanations. Free, no signup.
A security analyst receives an automated alert indicating that a standard user account logged in from a geographic location that is unusual for the user, and the login occurred at 3:00 AM local time. The analyst has not yet verified whether this was a successful login or if any additional suspicious activity occurred. According to standard incident response procedures, what should the analyst do NEXT?