CS0-003 Domain 1: Security Operations

Which SIEM rule detects brute force logins?

Multiple choice — select one answer

Answer choices

  1. a. Query proxy/DNS for rare newly seen domains
  2. b. DNS logs / passive DNS
  3. c. Multiple failed logins followed by success from same IP
  4. d. Follow change control and monitor metrics

Architectural breakdown & explanation

Failed-then-success patterns indicate guessing.

Correct answer(s): c. Multiple failed logins followed by success from same IP

Exam domain: Domain 1: Security Operations (33% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA CySA+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.