During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?
A. User behavior analytics
B. Dump files
C. Bandwidth monitors
D. Protocols analyzer output

Answer:

The best data source to use to assess the accounts impacted by this attack is A. User behavior analytics.

The tracking, collection, and analysis of user data and behaviors via monitoring systems is known as user behavior analytics (UBA). Because users are only one type of object with observable behaviors on contemporary networks, UBA is frequently referred to as user and entity behavior analytics (UEBA). Processes, apps, and network devices are examples of other entities.

UBA technologies examine historical data logs, including network and authentication logs collected and stored in log management and security information and event management (SIEM) systems, to identify traffic patterns produced by both legitimate and malicious user activity.

In this case, the compromised administrator accounts indicate historical data logs such as a repeated brute-force attack. Specifically, suspicious logins from unfamiliar geographic locations indicate a trace of network and authentications. Therefore, it should be analyzed using UBA.

Learn more about data analytics here: https://brainly.com/question/29220462
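
An added example, not part of the original answer: a minimal sketch of the kind of check a UBA tool runs over authentication logs to find the accounts affected in this scenario. It builds a per-account baseline of login locations, then flags repeated failures and successful logins from locations outside that baseline. The event format, thresholds, account names and sample log entries are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, result, country code).
# "ZZ" is a placeholder for an unfamiliar location.
EVENTS = [
    ("2024-03-01T08:00:00", "admin1", "success", "US"),
    ("2024-03-02T08:05:00", "admin1", "success", "US"),
    ("2024-03-01T09:00:00", "admin2", "success", "US"),
    ("2024-03-02T09:10:00", "admin2", "success", "CA"),
    ("2024-03-01T10:00:00", "admin3", "success", "US"),
    # Repeated failures against one account, then a login that succeeds
    *[(f"2024-03-10T02:0{i}:00", "admin1", "failure", "ZZ") for i in range(5)],
    ("2024-03-10T02:06:00", "admin1", "success", "ZZ"),
    ("2024-03-10T02:20:00", "admin2", "success", "ZZ"),
    ("2024-03-10T08:00:00", "admin3", "success", "US"),
]

def assess_accounts(events, baseline_end, fail_threshold=5,
                    window=timedelta(minutes=10)):
    """Return {account: [findings]} for activity after baseline_end."""
    parsed = sorted((datetime.fromisoformat(ts), acct, res, cc)
                    for ts, acct, res, cc in events)
    cutoff = datetime.fromisoformat(baseline_end)
    baseline = defaultdict(set)   # account -> countries of normal logins
    failures = defaultdict(list)  # account -> failure times inside window
    findings = defaultdict(set)
    for ts, acct, res, cc in parsed:
        if ts < cutoff:
            # Historical period: learn where each account normally logs in.
            if res == "success":
                baseline[acct].add(cc)
            continue
        if res == "failure":
            # Keep only failures inside the sliding window, plus this one.
            recent = [t for t in failures[acct] if ts - t <= window] + [ts]
            failures[acct] = recent
            if len(recent) >= fail_threshold:
                findings[acct].add("brute_force")
        elif cc not in baseline[acct]:
            # Success from a country never seen in the baseline
            # (an account with no baseline is always flagged).
            findings[acct].add("unfamiliar_location")
    return {acct: sorted(f) for acct, f in findings.items()}

if __name__ == "__main__":
    for account, found in assess_accounts(EVENTS, "2024-03-05T00:00:00").items():
        print(account, found)
```

Here the second account never saw a brute-force attempt but is still reported, which is the point of using behavior analytics to scope the incident beyond the one account named in the host audit logs.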
