Certified Threat Intelligence Analyst (CTIA) — Question 3

Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find any evidence of compromise. During the network monitoring, he found that there were multiple logins from different locations in a short time span. He also observed certain irregular login patterns from locations where the organization does not have business relations. This suggests that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?

Answer options

Correct answer: D

Explanation

The correct answer is D, Geographical anomalies, because the scenario describes logins from locations with no business connections, which indicates unusual geographical patterns. Options A, B, and C do not apply as they address different issues such as network traffic, system updates, and user account activities, none of which are relevant to the specific observation of login locations.