nerdexam
ExamsCAS-005Questions#197
CompTIACompTIA

CAS-005 · Question #197

CAS-005 Question #197: Real Exam Question with Answer & Explanation

Sign in or unlock CAS-005 to reveal the answer and full explanation for question #197. The question stem and answer options stay visible for context.

Submitted by stefanr· Mar 6, 2026Security Operations

Question

A security analyst is reviewing a SIEM and generates the following report: Later, the incident response team notices an attack was executed on the VM001 host. Which of the following should the security analyst do to enhance the alerting process on the SIEM platform?

Options

  • AInclude the EDR solution on the SIEM as a new log source.
  • BPerform a log correlation on the SIEM solution.
  • CImprove parsing of data on the SIEM.
  • DCreate a new rule set to detect malware.

Unlock CAS-005 to see the answer

You've previewed enough free CAS-005 questions. Unlock CAS-005 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CAS-005 - $49.99 / 30 daysSign in
Full CAS-005 PracticeBrowse All CAS-005 Questions