A security analyst is reviewing suspicious log-in activity and sees the following data in the SIEM:

Which of the following is the most appropriate action for the analyst to take?
Correct Answer: D
The log-in activity indicates a security threat, particularly involving the ADMIN account with a high-risk failure status. This suggests that the account may be targeted by malicious activity such as credential stuffing or brute-force attacks.

Updating log configuration settings (A) may help in better logging future activities but does not address the immediate threat.

Changing the admin account password (B) is a good practice but may not fully mitigate the ongoing threat if the account has already been compromised.

Blocking employees from logging into non-business applications (C) might help in reducing the attack surface but doesn't directly address the compromised account issue.

Implementing automation to disable accounts associated with high-risk activities (D) ensures an immediate response to the detected threat, preventing further unauthorized access and allowing time for thorough investigation and remediation.

Reference: CompTIA SecurityX guide on incident response and account management; best practices for handling compromised accounts; automation tools and techniques for security operations centers (SOCs).