CertNexus Certified Cyber Secure Coder (CSC) — Question 74
An incident responder discovers that the CEO logged in from their New York City office and then logged in from a location in Beijing an hour later. The incident responder suspects that the CEO’s account has been compromised. Which of the following anomalies MOST likely contributed to the incident responder’s suspicion?
Answer options
- A. Geolocation
- B. False positive
- C. Geovelocity
- D. Advanced persistent threat (APT) activity
Correct answer: C
Explanation
The correct answer is C, Geovelocity, because the rapid change in location from New York City to Beijing in such a short time frame indicates that it's highly unlikely for a person to travel that distance in one hour. The other options do not specifically address the timing and location change as effectively as Geovelocity does.