Exam CAS-005 topic 1 question 9 discussion

Actual exam question from CompTIA's CAS-005
Question #: 9
Topic #: 1

A security analyst is investigating a possible insider threat incident that involves the use of an unauthorized USB from a shared account to exfiltrate data. The event did not create an alert. The analyst has confirmed the USB hardware ID is not on the device allow list, but has not yet confirmed the owner of the USB device. Which of the following actions should the analyst take next?

  • A. Classify the incident as a false positive.
  • B. Classify the incident as a false negative.
  • C. Classify the incident as a true positive.
  • D. Classify the incident as a true negative.
Suggested Answer: B

Comments

vicbersong
2 weeks, 1 day ago
Selected Answer: B
A false negative occurs when a real threat is not detected by security systems or does not trigger an alert — exactly what happened here. The unauthorized USB was not on the allow list, indicating a policy violation (a real threat), yet no alert was generated.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other