Free CompTIA SecurityX / CASP+ CAS-005 Actual Exam Questions - Question 5 Discussion
Question No. 5
[Security Architecture]
A security analyst is reviewingsuspicious log-in activity and sees the following data in the SICM:
Which of the following is the most appropriate action for the analyst to take?
A security analyst is reviewingsuspicious log-in activity and sees the following data in the SICM:
Which of the following is the most appropriate action for the analyst to take?
Select one option, then reveal solution.
US
MG
Mohammad G.
2026-02-17
A imo, if logs aren’t capturing properly, you’re flying blind. Fixing log config first helps understand the full scope before taking drastic actions like disabling accounts.
0
MG
Mohammad G.
2026-01-15
D - automation to disable risky accounts sounds most efficient here.
0