CompTIACompTIA
CAS-005 · Question #274
CAS-005 Question #274: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-005 to reveal the answer and full explanation for question #274. The question stem and answer options stay visible for context.
Submitted by helene.fr· Mar 6, 2026Security Operations
Question
A company's SIEM is designed to associate the company's asset inventory with user events. Given the following report: Which of the following should a security engineer investigate first as part of a log audit?
Options
- AAn endpoint that is not submitting any logs
- BPotential activity indicating an attacker moving laterally in the network
- CA misconfigured syslog server creating false negatives
- DUnauthorized usage attempts of the administrator account
Unlock CAS-005 to see the answer
You've previewed enough free CAS-005 questions. Unlock CAS-005 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.