Exam CAS-005 Topic 1 Question 324 Discussion

Actual exam question for CompTIA's CAS-005 exam
Question #: 324
Topic #: 1
A security analyst wants to use lessons learned from a prior incident response to reduce dwell time in the future. The analyst is using the following data points:

Which of the following would the analyst most likely recommend?

Suggested Answer: C

In the context of improving incident response and reducing dwell time, the security analyst needs to focus on proactive measures that can quickly detect and alert on potential security breaches.
Enabling alerting on all suspicious administrator behavior: This option directly targets the potential misuse of administrator accounts, which are often high-value targets for attackers. By monitoring and alerting on suspicious activities from admin accounts, the organization can quickly identify and respond to potential breaches, thereby reducing dwell time significantly. Suspicious behavior could include unusual login times, access to sensitive data not usually accessed by the admin, or any deviation from normal behavior patterns. This proactive monitoring is crucial for quick detection and response, aligning well with best practices in incident response.

by Bernice at Apr 01, 2026, 07:43 AM
