A company's SIEM is designed to associate the company's asset inventory with user events. Given the following report:

Which of the following should a security engineer investigate first as part of a log audit?
Correct Answer: D
Explanation:

Understanding the security event: Administrator accounts are highly privileged and require strict monitoring. Server 4 shows failed login attempts for the administrator account. This could indicate a brute-force attack or an unauthorized access attempt. The fact that none of the admin login attempts were successful suggests someone was trying to guess the credentials.

Why option D is correct: Failed logins for administrator accounts are a critical security concern. If an attacker gains access, they could escalate privileges and compromise the network. Investigating unauthorized admin login attempts should be the top priority in a log audit.

Why the other options are incorrect:
A (Endpoint not submitting logs): While this is concerning, it does not indicate an active attack.
B (Lateral movement): There is no evidence of a compromised account moving between servers yet.
C (Misconfigured syslog server): False negatives are a possibility, but the failed admin logins are real.

Reference: CompTIA SecurityX CAS-005 Official Study Guide: SIEM & Incident Analysis
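As an added illustration of the triage logic behind answer D (example code written for this page, not taken from the CAS-005 study guide or any vendor SIEM), the Python below parses a constructed SIEM report, counts failed logins on privileged accounts per server, and ranks those findings ahead of inventoried assets that submitted no logs at all; the privileged-account list, the record layout, the sample rows and the inventory are all assumptions.

```python
from collections import Counter, namedtuple

# Accounts treated as privileged for triage (an assumption of this example).
PRIVILEGED_ACCOUNTS = {"administrator", "root", "admin"}

# One SIEM record: asset (inventory hostname), user, action, outcome ("success"/"failure").
Event = namedtuple("Event", "asset user action outcome")

# Constructed sample report, one "asset,user,action,outcome" record per line.
SAMPLE_REPORT = """\
server1,jsmith,login,success
server2,svc_backup,login,success
server3,mlee,login,failure
server3,mlee,login,success
server4,administrator,login,failure
server4,administrator,login,failure
server4,administrator,login,failure
server4,administrator,login,failure
"""
# Constructed asset inventory; server5 is expected to log but is silent above.
INVENTORY = {"server1", "server2", "server3", "server4", "server5"}

def parse_report(text):
    """Parse the CSV-style report into Event records, fields normalised to lower case."""
    events = []
    for line in text.splitlines():
        if line.strip():
            asset, user, action, outcome = (f.strip().lower() for f in line.split(","))
            events.append(Event(asset, user, action, outcome))
    return events

def failed_privileged_logins(events):
    """Count failed login attempts per (asset, user), privileged accounts only."""
    counts = Counter()
    for e in events:
        if e.action == "login" and e.outcome == "failure" and e.user in PRIVILEGED_ACCOUNTS:
            counts[(e.asset, e.user)] += 1
    return counts

def triage(inventory, events):
    """Order audit findings: failed privileged logins first (most attempts first),
    then inventoried assets that sent no events (a logging gap, not an active attack)."""
    findings = []
    for (asset, user), n in failed_privileged_logins(events).most_common():
        findings.append((1, f"{n} failed login(s) for privileged account '{user}' on {asset}"))
    for asset in sorted(inventory - {e.asset for e in events}):
        findings.append((2, f"{asset} is in the asset inventory but submitted no events"))
    return findings
```

Non-privileged failures (mlee on server3) are deliberately left out of the ranking, which mirrors the explanation above: the administrator failures on server 4 come first, and the silent asset is reported as a secondary logging concern rather than an attack.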