CompTIACompTIA
CAS-005 · Question #321
CAS-005 Question #321: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-005 to reveal the answer and full explanation for question #321. The question stem and answer options stay visible for context.
Submitted by the_admin· Mar 6, 2026Security Operations
Question
A security analyst notices a number of SIEM events that show the following activity: Which of the following response actions should the analyst take first?
Options
- ADisable powershell.exe on all Microsoft Windows endpoints
- BRestart Microsoft Windows Defender
- CConfigure the forward proxy to block 40.90.23.154
- DDisable local administrator privileges on the endpoints
Unlock CAS-005 to see the answer
You've previewed enough free CAS-005 questions. Unlock CAS-005 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.