During a routine SOC shift, an analyst observes a sudden surge of failed login attempts across multiple internal servers. The analyst then uses the organization’s SIEM platform to correlate this activity with VPN access logs, firewall data, and recent endpoint alerts. After investigation, the analyst confirms it is a coordinated brute-force attack from a known malicious IP range. Which of the following best describes the role of the SIEM tool in this situation?

Question

Answer

It provided centralized logging, correlation, and alerting that enabled the analyst to identify the attack pattern.

Answer

It simulated the brute-force attack to test the resilience of the authentication system.

Answer

It only blocked the IP addresses involved in the brute-force attack.

Answer

It did not detect the vulnerabilities in the authentication protocol that allowed the brute-force attack to succeed.

Crowdly

During a routine SOC shift, an analyst observes a sudden surge of failed login a...

Want instant access to all verified answers on moodle.polytechnic.bh?