CAS-004 Security Operations • Timed 20 Questions
This is a timed practice session. You have 20 minutes to answer 20 questions — approximately 1 minute per question, matching real CAS-004 exam pace. Answer every question before time expires.
Time remaining
20:00
Exam-pace drill
Allow 1 minute per question. On the real CAS-004 exam you have approximately 72 seconds per question — this session trains you to maintain that pace under pressure.
A security analyst receives an alert indicating an internal host is sending outbound traffic on TCP port 25 to multiple external IP addresses. Which action should the analyst take first to investigate potential data exfiltration?