Valid CAS-005 Dumps shared by ExamDiscuss.com for Helping Passing CAS-005 Exam! ExamDiscuss.com now offer the newest CAS-005 exam dumps, the ExamDiscuss.com CAS-005 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-005 dumps with Test Engine here:
A security analyst is reviewing the following authentication logs: Which of the following should the analyst do first?
Correct Answer: D
Based on the provided authentication logs, we observe that User1's account experienced multiple failed login attempts within a very short time span (at 8:01:23 AM on 12/15). This pattern indicates a potential brute-force attack or an attempt to gain unauthorized access. Here's a breakdown of why disabling User1's account is the appropriate first step: Failed Login Attempts: The logs show that User1 had four consecutive failed login attempts: VM01 at 8:01:23 AM VM08 at 8:01:23 AM VM01 at 8:01:23 AM VM08 at 8:01:23 AM Security Protocols and Best Practices: According to CompTIA Security+ guidelines, multiple failed login attempts within a short timeframe should trigger an immediate response to prevent further potential unauthorized access attempts. This typically involves temporarily disabling the account to stop ongoing brute-force attacks. Account Lockout Policy: Implementing an account lockout policy is a standard practice to thwart brute-force attacks. Disabling User1's account will align with these best practices and prevent further failed attempts, which might lead to successful unauthorized access if not addressed. Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl CompTIA Security+ Certification Exam Objectives NIST Special Publication 800-63B: Digital Identity Guidelines By addressing User1's account first, we effectively mitigate the immediate threat of a brute-force attack, ensuring that further investigation can be conducted without the risk of unauthorized access continuing during the investigation period.