🔥 3-day streak
CompTIA CySA+ (CS0-003)38 / 147
Question 38 of 147

During a security team meeting, an analyst reviews recent activity. A threat intelligence feed reports that a hacktivist group has publicly announced plans to target the company's industry over the next month due to a controversial policy decision. Separately, the SIEM has flagged repeated failed authentication attempts against the VPN gateway from foreign IP ranges within the last hour. According to the incident response lifecycle, how should the analyst classify these two pieces of information?

Reviewed for accuracy · Report an issueNext question