An analyst reviews a SIEM and generates the following report: Only HOST002 is authorized for internet traffic. Which of the following statements is accurate?
Correct Answer: D
Comprehensive and Detailed Explanation:

* Understanding the Security Event:
  * HOST002 is the only device authorized for internet traffic. However, the SIEM logs show that VM002 is making network connections to web.corp.local.
  * This indicates unauthorized access, which could be a sign of lateral movement or network infection.
  * This is a red flag for potential malware, unauthorized software, or a compromised host.
* Why Option D is Correct:
  * Unusual network traffic patterns are often an indicator of a compromised system.
  * VM002 should not be communicating externally, but it is.
  * This suggests a possible breach or malware infection attempting to communicate with a command-and-control (C2) server.
* Why Other Options Are Incorrect:
  * A (Misconfiguration): While a misconfiguration could explain the unauthorized connections, the pattern of activity suggests something more malicious.
  * B (Security incident on HOST002): The issue is not with HOST002. The suspicious activity is from VM002.
  * C (False positives): The repeated pattern of unauthorized connections makes false positives unlikely.
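The triage reasoning above (an allowlist of one authorized host, plus repetition as the argument against a false positive) can be written as a small check. This is an added example, not part of the original question or its report: the CSV layout, timestamps, the host HOST001 and the repeat threshold are constructed assumptions, and every row is assumed to represent internet-bound traffic.

```python
from collections import defaultdict

AUTHORIZED = {"host002"}  # per the question: only HOST002 may generate internet traffic
MIN_REPEATS = 3           # assumed threshold separating a one-off from a pattern

# Constructed sample events; assumed layout: time,source,destination
SAMPLE = """\
2024-05-01T09:00:00Z,HOST002,web.corp.local
2024-05-01T09:00:05Z,VM002,web.corp.local
2024-05-01T09:05:05Z,VM002,web.corp.local
2024-05-01T09:10:05Z,vm002,web.corp.local
2024-05-01T09:11:00Z,HOST001,web.corp.local
malformed line without fields
"""

def parse(text):
    """Yield (time, source, destination); skip blank or malformed rows."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) == 3 and all(parts):
            # Hostnames are case-insensitive, so normalise before comparing.
            yield parts[0], parts[1].lower(), parts[2].lower()

def triage(text, authorized=AUTHORIZED, min_repeats=MIN_REPEATS):
    """Return {source: {count, destinations, verdict}} for unauthorized sources."""
    hits = defaultdict(lambda: {"count": 0, "destinations": set()})
    for _, src, dst in parse(text):
        if src not in authorized:
            hits[src]["count"] += 1
            hits[src]["destinations"].add(dst)
    for info in hits.values():
        # A repeated pattern is treated as a likely incident; a single
        # event is queued for review rather than dismissed.
        info["verdict"] = "investigate" if info["count"] >= min_repeats else "review"
    return dict(hits)

if __name__ == "__main__":
    for host, info in sorted(triage(SAMPLE).items()):
        print(host, info["count"], sorted(info["destinations"]), info["verdict"])
```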