A security analyst reviews Windows Security Event Log and observes Event ID 4625 repeatedly for a single user account from a remote IP address within a short timeframe. What is the MOST likely cause?
Repeated failed logons from a remote IP indicate a brute-force attack.
Why this answer
Event ID 4625 indicates a failed logon attempt. Repeated failures from a remote IP suggest a brute-force password guessing attack.