Exam CS0-002 topic 1 question 389 discussion

Actual exam question from CompTIA's CS0-002
Question #: 389
Topic #: 1

A security operations manager wants some recommendations for improving security monitoring. The security team currently uses past events to create an IoC list for monitoring. Which of the following is the best suggestion for improving monitoring capabilities?

  • A. Update the IPS and IDS with the latest rule sets from the provider.
  • B. Create an automated script to update the IPS and IDS rule sets.
  • C. Use an automated subscription to select threat feeds for IDS.
  • D. Implement an automated malware solution on the IPS.
Suggested Answer: C

Comments

Starburst
Highly Voted 1 year, 10 months ago
The goal is to monitor. Answers A, B, and D all include IPS. The only option without IPS is C. It also makes logical sense to me.
upvoted 5 times
Dree_Dogg
1 year, 7 months ago
Good catch.
upvoted 1 times
Chilaqui1es
Most Recent 1 year, 6 months ago
Selected Answer: C
I was thinking, why wouldn't it be B? But the question mentions 'monitoring', not monitoring and blocking. So I will go with C.
upvoted 2 times
JakeH
1 year, 7 months ago
On exam
upvoted 2 times
CyberCEH
1 year, 12 months ago
Answer C
upvoted 2 times