ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-003 All Questions

View all questions & answers for the CS0-003 exam
Go to Exam

Exam CS0-003 topic 1 question 357 discussion

Actual exam question from CompTIA's CS0-003
Question #: 357
Topic #: 1
[All CS0-003 Questions]

Which of the following is most appropriate to use with SOAR when the security team would like to automate actions across different vendor platforms?

  • A. STIX/TAXII
  • B. APIs
  • C. Data enrichment
  • D. Threat feed
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by 7167087 at Jan. 20, 2025, 11:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
hackerguy
Highly Voted 3 months, 2 weeks ago
Selected Answer: B
APIs (Application Programming Interfaces) are the most appropriate choice for integrating a SOAR (Security Orchestration, Automation, and Response) platform with different vendor platforms to automate actions. Here's why: Vendor Integration: APIs allow SOAR platforms to communicate directly with various tools and platforms, such as firewalls, SIEMs, EDR solutions, and threat intelligence feeds. Automation of Actions: APIs enable SOAR to execute automated actions like blocking IPs, quarantining endpoints, or updating policies across different vendor platforms. Interoperability: APIs are the standard method for interoperability between different tools, regardless of vendor-specific implementations. Flexibility: Using APIs, SOAR platforms can trigger specific workflows and tasks tailored to the organization's security requirements.
upvoted 7 times
...
Waltsthe
Most Recent 1 month, 3 weeks ago
Selected Answer: A
An API (Application Programming Interface) is a set of definitions and protocols that allows different software components to communicate and interact. They enable applications or services to share data and functionality.
upvoted 2 times
...
7167087
3 months, 3 weeks ago
Selected Answer: A
A. Know the acronym: (Structured Threat Information Expression) and TAXII (Trusted Automated eXchange of Intelligence Information). These standards allow SOAR to ingest STIX and TAXII from different vendor platforms. We have a structured method of classfying and expressing threats (STIX) and automated exchange of (threat) intelligence information (TAXII).
upvoted 3 times
noa808a
2 weeks, 6 days ago
The correct answer is B. Almost all cyber reporting systems use STIX and TAXII by default. The question is pertained to SOARs, and the biggest function of a SOAR is to automate tasks. The question is referring to how do you get the SOAR to take actions across different vendors of appliances? And the answer to this is APIs.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago