Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Discussions
  3. CompTIA
  4. CompTIA CASP
  5. CAS-005 Discussions
  6. CAS-005 Exam Topic 8 Question 74 Discussion
 CompTIA Discussions
Exam CAS-005 All Questions
Exam CAS-005 All Questions

View all questions & answers for the CAS-005 exam

Go to Exam

CompTIA CASP CAS-005 Question # 74 Topic 8 Discussion

CAS-005 Exam Topic 8 Question 74 Discussion:
Question #: 74
Topic #: 8

A security analyst notices a number of SIEM events that show the following activity:

10/30/2020 - 8:01 UTC - 192.168.1.1 - sc stop HinDctend

10/30/2020 - 8:05 UTC - 192.168.1.2 - c:\program files\games\comptidcasp.exe

10/30/2020 - 8:07 UTC - 192.168.1.1 - c:\windows\system32\cmd.exe /c powershell

10/30/2020 - 8:07 UTC - 192.168.1.1 - powershell —> 40.90.23.154:443

Which of the following response actions should the analyst take first?
A.

Disable powershell.exe on all Microsoft Windows endpoints

B.

Restart Microsoft Windows Defender

C.

Configure the forward proxy to block 40.90.23.154

D.

Disable local administrator privileges on the endpoints

Get Premium CAS-005 Questions
Actual exam question for CompTIA CAS-005 exam by Nash89658 at May 4, 2026, 2:45:15 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit