CompTIA CASP+ Practice Test

What likely indicates that a valid authentication token is being misused by a database administrator?

• A. General system errors appearing in logs
• B. Multiple alerts about unusual transactions
• C. Documented user access reviews
• D. Routine security emails from IDS

The correct answer is: Multiple alerts about unusual transactions

Multiple alerts about unusual transactions likely indicate that a valid authentication token is being misused by a database administrator because these alerts would signal activities that deviate from the expected behavior associated with that token or account. A database administrator typically has elevated privileges, so any unusual transactions, particularly those involving unauthorized data access, excessive data modifications, or anomalies in data queries, can suggest that the administrator's credentials are being exploited. In this context, unusual transactions may include accessing sensitive information that the administrator normally would not require or conducting operations at times or frequencies that are atypical for their role. The presence of multiple alerts can catalyze further investigation, as it suggests a pattern of behavior that raises red flags, prompting cybersecurity teams to look deeper into the activities linked to the token in question. Other options, while they may provide information about system performance or security, do not directly point to the misuse of an authentication token in the same specific manner. General system errors in logs may indicate a variety of issues that are not necessarily tied to authentication token misuse. Documented user access reviews are useful for compliance and security assessments but don’t indicate real-time misuse. Routine security emails from Intrusion Detection Systems (IDS) may capture alerts but do not specifically imply misuse without further context