CAS-005
Security Operations
medium
Question 9 of 22

A SIEM is generating a high volume of alerts for failed SSH login attempts from internal IP addresses. The SOC team determines that most of these are from an automated configuration management tool performing legitimate key rotation. What type of SIEM tuning action addresses this?

A. Increase the retention period for SSH log data
B. Create a suppression rule or allowlist for the configuration management tool's source IPs to reduce false positives
C. Disable SSH logging across all servers
D. Increase the alert severity threshold for all SSH-related rules
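The tuning action described in option B, a suppression rule keyed on the configuration management tool's source addresses, as an added Python example that is not part of the original page: it parses a few constructed sshd log lines, counts the failed-login alerts a SIEM would raise untuned, then re-runs the same logic with a hypothetical allowlist entry. The hosts, addresses (10.0.5.20, 10.0.5.21, 10.0.8.77), the rule name and the service account name ansible are all assumptions made for the example. It also shows the caveat a practitioner would want: the rule matches on source IP and expected account together, so a failure for some other user coming from the allowlisted host still alerts.

```python
import re
from collections import Counter

# Constructed sample sshd auth log lines (hypothetical hosts and addresses,
# not taken from the page). Lines 1-4 are the config management tool's
# expected failures during key rotation; lines 5-7 look like brute forcing;
# line 8 is an unexpected account from the allowlisted host; line 9 is not a failure.
SAMPLE_LOGS = """\
Jun 14 02:00:01 web01 sshd[1201]: Failed password for ansible from 10.0.5.20 port 51022 ssh2
Jun 14 02:00:02 web01 sshd[1203]: Failed publickey for ansible from 10.0.5.20 port 51023 ssh2
Jun 14 02:00:03 web02 sshd[880]: Failed publickey for ansible from 10.0.5.20 port 51024 ssh2
Jun 14 02:00:04 db01 sshd[4410]: Failed password for ansible from 10.0.5.21 port 40001 ssh2
Jun 14 02:00:09 web01 sshd[1210]: Failed password for root from 10.0.8.77 port 33812 ssh2
Jun 14 02:00:10 web01 sshd[1211]: Failed password for invalid user admin from 10.0.8.77 port 33813 ssh2
Jun 14 02:00:11 web01 sshd[1212]: Failed password for invalid user oracle from 10.0.8.77 port 33814 ssh2
Jun 14 02:00:12 web01 sshd[1214]: Failed password for root from 10.0.5.20 port 51031 ssh2
Jun 14 02:00:13 web01 sshd[1213]: Accepted publickey for ansible from 10.0.5.20 port 51030 ssh2
"""

# Matches the syslog-style sshd failure lines above; successful logins do not match.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Hypothetical suppression rule (assumption): the configuration management
# tool's source IPs and the service account it is expected to authenticate as.
SUPPRESSION_RULE = {
    "name": "cfgmgmt-key-rotation",
    "sources": {"10.0.5.20", "10.0.5.21"},
    "user": "ansible",
}


def parse_failed_logins(text):
    """Return one dict per failed SSH login line (ts, host, user, src)."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def is_suppressed(event, rule):
    """Suppress only when BOTH the source and the account match the rule.

    A failure for a different user from the same address is exactly the
    case the SOC still wants to see (e.g. the tool's host being misused).
    """
    return event["src"] in rule["sources"] and event["user"] == rule["user"]


def triage(events, rule=None):
    """Split events into (alerts, suppressed); with rule=None nothing is suppressed."""
    alerts, suppressed = [], []
    for ev in events:
        if rule is not None and is_suppressed(ev, rule):
            suppressed.append(ev)
        else:
            alerts.append(ev)
    return alerts, suppressed


def alerts_by_source(alerts):
    """Count surviving alerts per source address, the view an analyst pivots on."""
    return Counter(ev["src"] for ev in alerts)


if __name__ == "__main__":
    events = parse_failed_logins(SAMPLE_LOGS)
    untuned, _ = triage(events)
    tuned, dropped = triage(events, SUPPRESSION_RULE)
    print(f"failed-login events: {len(events)}")
    print(f"alerts without tuning: {len(untuned)}")
    print(f"alerts with rule {SUPPRESSION_RULE['name']!r}: {len(tuned)} "
          f"(suppressed {len(dropped)})")
    for src, n in alerts_by_source(tuned).most_common():
        print(f"  {src}: {n}")
```

On the sample input the untuned logic raises eight alerts; with the rule applied, the four ansible failures from the two allowlisted addresses are suppressed and four remain: three from 10.0.8.77 and one root failure from 10.0.5.20, which the source-plus-account match deliberately keeps. In a production SIEM the same idea applies: scope the suppression as narrowly as the legitimate activity allows (source, account, and ideally the maintenance window), document why the entry exists, and review allowlists periodically so a compromised automation host does not inherit a permanent blind spot.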

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor.
