Which of the following is a common indicator of a security incident?

Unusual account activity is recognized as a common indicator of a security incident due to the potential for compromised accounts or unauthorized access to sensitive systems or data. This can manifest in various ways, such as logins from unusual locations, access at unusual times, or a sudden increase in failed login attempts. These activities deviate from established patterns of behavior, making them a red flag for security teams who may need to investigate further.

The other options provided do not typically signal a security incident. Standard user login attempts are normal behavior and don’t indicate any deviation from expected patterns. System performance improvement might suggest that a system is functioning optimally, which is generally a positive sign rather than an indicator of concern. Regular backup completion is a critical aspect of maintaining data integrity and availability, but it does not imply any immediate security threat. Hence, unusual account activity stands out as a key sign that something may be wrong and warrants further investigation.