Welcome to Pass4Success


CompTIA Exam CAS-004 Topic 10 Question 47 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 47
Topic #: 10

A SOC analyst received an alert about a potential compromise and is reviewing the following SIEM logs:

Which of the following is the most appropriate action for the SOC analyst to recommend?

Suggested Answer: B

The SIEM logs show behaviour consistent with a compromise: cmd.exe being launched after Outlook.exe is atypical for a normal user session and could mean the machine has been compromised and is being used for lateral movement within the network. Isolating laptop314 from the network contains the threat and prevents any potential spread to other systems while further investigation takes place.
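As an added example (not part of the question or the exam provider's material), the check the explanation describes, written as a small detector over constructed SIEM-style process-creation lines: it flags an Office client such as Outlook.exe spawning a shell and returns the hosts to contain. The key=value log format, the field names and the extra parent/child pairs beyond Outlook.exe/cmd.exe are assumptions.

```python
import re

# Parent/child pairs that are atypical for a normal user session. The page's
# scenario is Outlook.exe spawning cmd.exe; the other entries are assumed
# additions of the same kind (an Office client spawning a shell or script host).
OFFICE_PARENTS = {"outlook.exe", "winword.exe", "excel.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

# Constructed sample lines in an assumed key=value format (not the page's logs).
SAMPLE_LOGS = """\
2024-05-01T09:12:03Z host=laptop314 user=jdoe event=process_create parent=explorer.exe image=Outlook.exe pid=4120
2024-05-01T09:14:41Z host=laptop314 user=jdoe event=process_create parent=Outlook.exe image=cmd.exe pid=4388
2024-05-01T09:15:10Z host=desktop022 user=asmith event=process_create parent=explorer.exe image=Outlook.exe pid=2210
2024-05-01T09:16:02Z host=desktop022 user=asmith event=process_create parent=Outlook.exe image=winword.exe pid=2302
"""

LINE_RE = re.compile(
    r"host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+event=process_create\s+"
    r"parent=(?P<parent>\S+)\s+image=(?P<image>\S+)"
)


def find_office_shell_spawns(log_text):
    """Return (host, user, parent, child) for each process-creation event
    where an Office client launched a shell or script host."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a process-creation line in the expected format
        if m["parent"].lower() in OFFICE_PARENTS and m["image"].lower() in SUSPICIOUS_CHILDREN:
            hits.append((m["host"], m["user"], m["parent"], m["image"]))
    return hits


def hosts_to_isolate(log_text):
    """Hosts that should be network-isolated pending investigation."""
    return sorted({hit[0] for hit in find_office_shell_spawns(log_text)})


if __name__ == "__main__":
    for host, user, parent, child in find_office_shell_spawns(SAMPLE_LOGS):
        print(f"{host}: {parent} -> {child} (user {user})")
    print("isolate:", hosts_to_isolate(SAMPLE_LOGS))
```

Only laptop314 is returned; desktop022's Outlook.exe launching winword.exe is an ordinary Office-to-Office hand-off and is not flagged.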


Comments

Grover
2 hours ago
Hmm, this is a tough call. I'd be tempted to go with isolating the laptop, you know, just to be on the safe side. But then again, that might tip off the bad guys and they could try something even sneakier. Decisions, decisions...
upvoted 0 times
Raina
2 days ago
Whoa, looks like we've got a real tricky one here! I mean, disabling the account, isolating the laptop, warning the user - it's like a choose-your-own-adventure game, but with cybersecurity stakes!
upvoted 0 times