CAS-005
Security Operations
hard
Question 1 of 22

A SOC analyst is reviewing SIEM alerts and observes that a user account authenticated successfully from two geographically distant locations within a 10-minute window — a physical impossibility. The account has broad access to the HR system. Which sequence of actions BEST represents appropriate incident response?

A. Log the anomaly in the ticketing system and review at the next weekly SOC meeting
B. Immediately disable the user account, notify the account owner and HR, initiate an investigation to determine if credentials were compromised, and preserve all relevant authentication and access logs
C. Reset the user's password and wait to see if the anomalous logins recur
D. Forward the alert to the firewall team to block the remote IP address
