What should you do if you notice multiple failed login attempts from an unfamiliar IP address? Learn why blocking the IP at the firewall is the best immediate response for the Cisco Certified Support Technician (CCST) Cybersecurity 100-160 exam.
Question
A network administrator notices that multiple failed login attempts are coming from an unfamiliar IP address. What is the best immediate action?
A. Change all user passwords immediately.
B. Block the IP address at the firewall.
C. Increase password complexity requirements.
D. Notify all users about a potential data breach.
E. Review logs and monitor for further activity before taking action.
Answer
B. Block the IP address at the firewall.
Explanation
Blocking the IP address prevents further unauthorized login attempts while investigating the issue.
The best immediate action is to block the IP address at the firewall.
- Multiple failed login attempts from an unknown IP are a strong indicator of a brute-force or credential-stuffing attack.
- Blocking the source IP at the firewall stops further unauthorized attempts from that address, immediately reducing the risk of account compromise and protecting network resources.
- This action buys time for further investigation and remediation, such as reviewing logs, monitoring for additional suspicious activity, and assessing whether any accounts were compromised.
- While attackers may switch IPs or use proxies, blocking the current offending IP is a necessary first step in incident response and is widely recommended in cybersecurity best practices.
- Additional steps, such as increasing password complexity, notifying users, or changing passwords, are important but should follow after the immediate threat is contained.
Blocking the IP address prevents further unauthorized login attempts while you investigate and respond to the incident.
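The triage described above can be sketched as a short script. This is an added example, not part of the original question or of any Cisco material: it counts failed logins per unfamiliar source IP inside a time window, yields the addresses to block, and lists accounts that logged in from a flagged address so they can be checked for compromise. The log lines are constructed in OpenSSH `sshd` message style with an ISO timestamp, and `triage`, `known_ips`, the threshold of 5 and the 5-minute window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd password results; the timestamp/host layout is an assumption.
LINE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for "
                  r"(?:invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample log; all addresses are from documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 gw sshd[811]: Failed password for admin from 203.0.113.45 port 50112 ssh2
2024-05-01T10:00:03 gw sshd[811]: Failed password for invalid user test from 203.0.113.45 port 50113 ssh2
2024-05-01T10:00:04 gw sshd[812]: Failed password for alice from 192.0.2.10 port 40222 ssh2
2024-05-01T10:00:06 gw sshd[811]: Failed password for root from 203.0.113.45 port 50114 ssh2
2024-05-01T10:00:09 gw sshd[811]: Failed password for alice from 203.0.113.45 port 50115 ssh2
2024-05-01T10:00:12 gw sshd[811]: Failed password for alice from 203.0.113.45 port 50116 ssh2
2024-05-01T10:00:15 gw sshd[812]: Accepted password for alice from 192.0.2.10 port 40223 ssh2
2024-05-01T10:00:20 gw sshd[811]: Accepted password for alice from 203.0.113.45 port 50117 ssh2
2024-05-01T10:20:00 gw sshd[813]: Failed password for bob from 198.51.100.7 port 33001 ssh2
"""

def triage(log, known_ips, threshold=5, window=timedelta(minutes=5)):
    """Return {ip_to_block: accounts that logged in from it after it was flagged}."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    flagged = {}                  # ip -> accounts to review for compromise
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, outcome, user, ip = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        if ip in known_ips:       # only unfamiliar sources are considered
            continue
        if outcome == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                flagged.setdefault(ip, set())
        elif ip in flagged:       # a success after a burst of failures
            flagged[ip].add(user)
    return flagged

if __name__ == "__main__":
    for ip, accounts in triage(SAMPLE_LOG, known_ips={"192.0.2.10"}).items():
        print(f"block {ip}; review accounts: {sorted(accounts) or 'none'}")
```

A successful login from a flagged address, as with `alice` in the sample, means blocking the IP is only containment and that account still needs a credential reset and session review.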