Valid CAS-004 Dumps shared by ExamDiscuss.com for Helping Passing CAS-004 Exam! ExamDiscuss.com now offer the newest CAS-004 exam dumps, the ExamDiscuss.com CAS-004 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-004 dumps with Test Engine here:
A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?
Correct Answer: D
Looking for privileged credential reuse on the network is the most likely process that would expose an attacker. The anomalous external files on the server suggest that the attacker gained access to the system. Therefore, the attacker must have had privileged credentials or access that allowed them to upload the files. By looking for privileged credential reuse on the network, the administrator can identify any credentials that have been compromised and potentially used by the attacker to gain access to the system. This information can be used to revoke compromised credentials, change passwords, and implement additional security measures to prevent future attacks.