Valid CAS-005 Dumps shared by ExamDiscuss.com for Helping Passing CAS-005 Exam! ExamDiscuss.com now offer the newest CAS-005 exam dumps, the ExamDiscuss.com CAS-005 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-005 dumps with Test Engine here:
Access CAS-005 Dumps Premium Version
(250 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 69/70
A threat hunter is identifying potentially malicious activity associated with an APT. When the threat hunter runs queries against the SIEM platform with a date range of 60 to 90 days ago, the involved account seems to be typically most active in the evenings. When the threat hunter reruns the same query with a date range of 5 to 30 days ago, the account appears to be most active in the early morning. Which of the following techniques is the threat hunter using to better understand the data?
Correct Answer: B
User behavior analytics (UBA) detects anomalous activity by analyzing historical patterns and comparing them to recent behavior. The time shift in account activity suggests potential compromise or misuse.
* TTP-based inquiries (A) focus on known attack tactics, techniques, and procedures but do not involve behavior tracking.
* Adversary emulation (C) simulates attacks but does not analyze real data trends.
* OSINT analysis (D) gathers intelligence from public sources, which is unrelated to internal account behavior analysis.
* TTP-based inquiries (A) focus on known attack tactics, techniques, and procedures but do not involve behavior tracking.
* Adversary emulation (C) simulates attacks but does not analyze real data trends.
* OSINT analysis (D) gathers intelligence from public sources, which is unrelated to internal account behavior analysis.
- Question List (70q)
- Question 1: A security engineer must resolve a vulnerability in a deprec...
- Question 2: A network engineer must ensure that always-on VPN access is ...
- Question 3: During a gap assessment, an organization notes that OYOD usa...
- Question 4: (Exhibit) An organization is planning for disaster recovery ...
- Question 5: A systems administrator wants to reduce the number of failed...
- Question 6: Users are experiencing a variety of issues when trying to ac...
- Question 7: A developer makes a small change to a resource allocation mo...
- Question 8: A company detects suspicious activity associated with extern...
- Question 9: A company wants to use loT devices to manage and monitor the...
- Question 10: A systems engineer is configuring a system baseline for serv...
- Question 11: A security analyst needs to ensure email domains that send p...
- Question 12: A security configure is building a solution to disable weak ...
- Question 13: An organization wants to manage specialized endpoints and ne...
- Question 14: Which of the following best describes the challenges associa...
- Question 15: A security analyst is reviewing suspicious log-in activity a...
- Question 16: An organization is implementing advanced security controls a...
- Question 17: A user reports application access issues to the help desk. T...
- Question 18: A security engineer needs to review the configurations of se...
- Question 19: You are a security analyst tasked with interpreting an Nmap ...
- Question 20: After remote desktop capabilities were deployed in the envir...
- Question 21: A security engineer is given the following requirements: * A...
- Question 22: A user reports application access issues to the help desk. T...
- Question 23: A company must build and deploy security standards for all s...
- Question 24: During a security assessment using an CDR solution, a securi...
- Question 25: A security architect for a global organization with a distri...
- Question 26: Embedded malware has been discovered in a popular PDF reader...
- Question 27: A building camera is remotely accessed and disabled from the...
- Question 28: A security analyst received a notification from a cloud serv...
- Question 29: An endpoint security engineer finds that a newly acquired co...
- Question 30: A user submits a help desk ticket stating then account does ...
- Question 31: A security team is responding to malicious activity and need...
- Question 32: During a vulnerability assessment, a scan reveals the follow...
- Question 33: A vulnerability can on a web server identified the following...
- Question 34: A security analyst Detected unusual network traffic related ...
- Question 35: A security engineer is assisting a DevOps team that has the ...
- Question 36: A security officer performs due diligence activities before ...
- Question 37: An organization found a significant vulnerability associated...
- Question 38: A company lined an email service provider called my-email.co...
- Question 39: An incident response team is analyzing malware and observes ...
- Question 40: A company isolated its OT systems from other areas of the co...
- Question 41: A security engineer performed a code scan that resulted in m...
- Question 42: A software development team requires valid data for internal...
- Question 43: As part of a security audit in the software development life...
- Question 44: A security architect must make sure that the least number of...
- Question 45: A systems engineer is configuring SSO for a business that wi...
- Question 46: A security analyst discovered requests associated with IP ad...
- Question 47: Operational technology often relies upon aging command, cont...
- Question 48: After some employees were caught uploading data to online pe...
- Question 49: Employees use their badges to track the number of hours they...
- Question 50: A financial services organization is using Al lo fully autom...
- Question 51: Third parties notified a company's security team about vulne...
- Question 52: A financial technology firm works collaboratively with busin...
- Question 53: A security engineer wants to stay up-to-date on new detectio...
- Question 54: A Chief Information Security Officer is concerned about the ...
- Question 55: Which of the following is the main reason quantum computing ...
- Question 56: A company updates its cloud-based services by saving infrast...
- Question 57: A company wants to implement hardware security key authentic...
- Question 58: A compliance officer is reviewing the data sovereignty laws ...
- Question 59: A systems administrator wants to use existing resources to a...
- Question 60: A developer needs to improve the cryptographic strength of a...
- Question 61: A company that uses containers to run its applications is re...
- Question 62: An organization mat performs real-time financial processing ...
- Question 63: Users must accept the terms presented in a captive petal whe...
- Question 64: A company hosts a platform-as-a-service solution with a web-...
- Question 65: A company wants to invest in research capabilities with the ...
- Question 66: A software engineer is creating a CI/CD pipeline to support ...
- Question 67: A security administrator needs to automate alerting. The ser...
- Question 68: A company that relies on an COL system must keep it operatin...
- Question 69: A threat hunter is identifying potentially malicious activit...
- Question 70: During a forensic review of a cybersecurity incident, a secu...
