A newly hired security manager in a SOC wants to improve efficiency by automating routine tasks. Which of the following SOC tasks is most suitable for automation?
A. Conducting security assessments and audits of IT systems
B. Investigating security incidents and determining the root causes
C. Reviewing logs and alerts to identify security threats and anomalies
D. Generating incident reports and notifying the appropriate stakeholders
Reviewing logs and alerts is one of the most automatable tasks in a SOC. SIEM tools integrated with a SOAR platform can analyze logs and flag potential security anomalies / threats for further review.
Generating incident reports can be automated, but often requires customization and human input, especially for detailed or nuanced incidents.
The answer has to be C because reviewing logs can and should be automated when possible.
upvoted 6 times
Popeyes_Chicken
Highly Voted 3 months, 1 week ago
Wolf541
Highly Voted 3 months, 1 week ago