CompTIACompTIA
CAS-005 · Question #206
CAS-005 Question #206: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-005 to reveal the answer and full explanation for question #206. The question stem and answer options stay visible for context.
Submitted by mateo_ar· Mar 6, 2026Security Operations
Question
A security engineer is reviewing the SIEM logs after a server crashed. The following list of events represents the timeline of actions collected from the SIEM: Which of the following TTPs is most likely associated with this SIEM log?
Options
- ALateral movement
- BCredential dumping
- CData exfiltration
- DLOLBins use
Unlock CAS-005 to see the answer
You've previewed enough free CAS-005 questions. Unlock CAS-005 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.