CAS-005 practice question shared by EduDump.com (exam questions updated and answers corrected).
During a recent security event, access from the non-production environment to the production environment enabled unauthorized users to install unapproved software and make unplanned configuration changes. During an investigation, the following findings are identified:
* Several new users were added in bulk by the IAM team.
* Additional firewalls and routers were recently added to the network.
* Vulnerability assessments have been disabled for all devices for more than 30 days.
* The application allow list has not been modified in more than two weeks.
* Logs were unavailable for various types of traffic.
* Endpoints have not been patched in more than ten days.
Which of the following actions would most likely need to be taken to ensure proper monitoring is in place within the organization? (Select two)
Correct Answer: B, E
The incident highlights gaps in visibility, monitoring, and log management that allowed unauthorized access to persist undetected. The most critical corrective actions are to extend log retention for all devices (B) and to ensure all devices are forwarding relevant logs to the SIEM (E). Together, these steps strengthen monitoring and incident detection by ensuring that sufficient telemetry is collected, stored, and available for correlation and investigation. Note that the recently added firewalls and routers are exactly the kind of device that can be missed by log forwarding, and that "logs were unavailable for various types of traffic" points to both missing sources and insufficient retention.
Disabling bulk user creation (A) may reduce misuse but does not directly address monitoring gaps. Daily review of the application allow list (C) is operationally impractical and does not provide the breadth of monitoring needed. Routine patching (D) is essential security hygiene but is separate from monitoring improvements. Configuring firewall rules (F) may restrict traffic flows but does not ensure detection or visibility of unauthorized activity.
By prioritizing comprehensive log collection and adequate retention, the SOC can correlate anomalies across systems, detect malicious behavior earlier, and conduct forensic investigations effectively. This aligns with CAS-005 best practices for security operations and continuous monitoring in hybrid environments.
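As an added example (not part of the original question or the EduDump.com material), the following script shows how a SOC can check the two corrective actions above against its own data: it compares an asset inventory with the last event each source delivered to the SIEM, flags devices that never onboarded (such as newly added firewalls and routers) or have gone silent, and reports device types whose retention is below a policy minimum. The inventory, last-event timestamps, retention values, and the 90-day policy minimum are constructed sample data and assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (assumptions for this example, not from the page).
NOW = datetime(2024, 6, 1, 12, 0, 0)
INVENTORY = [
    {"host": "fw-core-01", "type": "firewall"},
    {"host": "fw-edge-02", "type": "firewall"},   # recently added, never onboarded
    {"host": "rtr-dmz-01", "type": "router"},     # recently added, never onboarded
    {"host": "app-prod-01", "type": "server"},
    {"host": "app-nonprod-01", "type": "server"}, # onboarded, but stopped sending
]
# Timestamp of the most recent event the SIEM received from each source.
SIEM_LAST_EVENT = {
    "fw-core-01": NOW - timedelta(minutes=3),
    "app-prod-01": NOW - timedelta(minutes=1),
    "app-nonprod-01": NOW - timedelta(days=9),
}
# Current SIEM retention per device type versus the assumed policy minimum.
RETENTION_DAYS = {"firewall": 30, "router": 30, "server": 90}
REQUIRED_RETENTION_DAYS = 90


def silent_sources(inventory, last_event, now, max_gap=timedelta(hours=1)):
    """Map each host that is not forwarding logs to the reason it was flagged.

    A host is flagged if it has no SIEM events at all (never onboarded) or if
    its most recent event is older than max_gap (forwarding broke or stopped).
    """
    findings = {}
    for asset in inventory:
        seen = last_event.get(asset["host"])
        if seen is None:
            findings[asset["host"]] = "never forwarded"
        elif now - seen > max_gap:
            findings[asset["host"]] = f"silent for {(now - seen).days} days"
    return findings


def retention_gaps(retention, required):
    """Return device types whose retention is shorter than the policy minimum."""
    return {kind: days for kind, days in retention.items() if days < required}


if __name__ == "__main__":
    for host, reason in silent_sources(INVENTORY, SIEM_LAST_EVENT, NOW).items():
        print(f"NOT FORWARDING: {host}: {reason}")
    for kind, days in retention_gaps(RETENTION_DAYS, REQUIRED_RETENTION_DAYS).items():
        print(f"RETENTION GAP: {kind}: {days}d < {REQUIRED_RETENTION_DAYS}d")
```

Running the two checks on a schedule (and alerting on any new finding) turns the "logs were unavailable" discovery from a post-incident surprise into a routine monitoring control.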