Exam CAS-005 topic 1 question 207 discussion

Actual exam question from CompTIA's CAS-005
Question #: 207
Topic #: 1

A company's internal network is experiencing a security breach and the threat actor is still active. Due to business requirements, users in this environment are allowed to utilize multiple machines at the same time. Given the following log snippet:



Which of the following accounts should a security analyst disable to best contain the incident without impacting valid users?

  • A. user-a
  • B. user-b
  • C. user-c
  • D. user-d
Suggested Answer: C

Comments

ec566d2
1 month, 2 weeks ago
Selected Answer: D
user-d accessed two different machines within 1 minute — a strong indicator of automated activity or lateral movement by a threat actor. Disabling user-d would most likely help contain the threat with minimal impact to valid users.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other