Valid CAS-005 dumps shared by ExamDiscuss.com to help you pass the CAS-005 exam. ExamDiscuss.com now offers the newest CAS-005 exam dumps; the ExamDiscuss.com CAS-005 exam questions have been updated and the answers corrected. Get the newest ExamDiscuss.com CAS-005 dumps with Test Engine here:
A company's SIEM is designed to associate the company's asset inventory with user events. Given the following report: Which of the following should a security engineer investigate first as part of a log audit?
Correct Answer: D
Comprehensive and Detailed Explanation:
* Understanding the Security Event:
  * Administrator accounts are highly privileged and require strict monitoring.
  * Server 4 shows failed login attempts for the administrator account. This could indicate a brute-force attack or an unauthorized access attempt.
  * The fact that none of the admin login attempts were successful suggests someone was trying to guess the credentials.
* Why Option D is Correct:
  * Failed logins for administrator accounts are a critical security concern.
  * If an attacker gains access, they could escalate privileges and compromise the network.
  * Investigating unauthorized admin login attempts should be the top priority in a log audit.
* Why Other Options Are Incorrect:
  * A (Endpoint not submitting logs): While this is concerning, it does not indicate an active attack.
  * B (Lateral movement): There is no evidence yet of a compromised account moving between servers.
  * C (Misconfigured syslog server): False negatives are a possibility, but the failed admin logins are real.
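The triage order argued above (failed privileged logins first, then hosts that send no logs, then accounts succeeding on several hosts) can be applied mechanically to a SIEM report joined with the asset inventory. The script below is an added example, not part of the original question or its report; the asset inventory, the events and the `PRIVILEGED` account set are all constructed for illustration.

```python
from collections import Counter

# Constructed asset inventory and SIEM login events; not the report from the question.
ASSETS = {"server1": "web", "server2": "db", "server3": "file",
          "server4": "domain-controller", "endpoint7": "laptop"}
EVENTS = [
    {"host": "server1", "user": "jdoe", "result": "success"},
    {"host": "server2", "user": "jdoe", "result": "success"},
    {"host": "server3", "user": "svc_backup", "result": "success"},
    {"host": "server4", "user": "administrator", "result": "failure"},
    {"host": "server4", "user": "administrator", "result": "failure"},
    {"host": "server4", "user": "administrator", "result": "failure"},
]
PRIVILEGED = {"administrator", "root"}  # assumption: account names treated as highly privileged


def triage(assets, events):
    """Return a list of findings sorted by priority (1 = investigate first)."""
    findings = []
    # Priority 1: failed logins for privileged accounts, grouped by host and account.
    failed = Counter((e["host"], e["user"]) for e in events
                     if e["result"] == "failure" and e["user"] in PRIVILEGED)
    for (host, user), count in failed.items():
        # A later success for the same account on the same host would raise the urgency further.
        succeeded = any(e["host"] == host and e["user"] == user and e["result"] == "success"
                        for e in events)
        findings.append({"priority": 1, "type": "failed_privileged_login", "host": host,
                         "user": user, "count": count, "later_success": succeeded})
    # Priority 2: inventory hosts with no events at all (a logging gap, not an active attack).
    seen = {e["host"] for e in events}
    for host in assets:
        if host not in seen:
            findings.append({"priority": 2, "type": "no_logs", "host": host})
    # Priority 3: one account succeeding on several hosts, worth a look for lateral movement.
    hosts_by_user = {}
    for e in events:
        if e["result"] == "success":
            hosts_by_user.setdefault(e["user"], set()).add(e["host"])
    for user, hosts in hosts_by_user.items():
        if len(hosts) > 1:
            findings.append({"priority": 3, "type": "multi_host_login",
                             "user": user, "hosts": sorted(hosts)})
    return sorted(findings, key=lambda f: f["priority"])


if __name__ == "__main__":
    for finding in triage(ASSETS, EVENTS):
        print(finding)
```

On the constructed data the first finding is the three failed `administrator` logins on server4 with no later success, which matches the reasoning for option D.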