Exam CS0-002 topic 1 question 166 discussion

Actual exam question from CompTIA's CS0-002
Question #: 166
Topic #: 1

A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program. Which of the following is the MOST appropriate product category for this purpose?

  • A. SCAP
  • B. SOAR
  • C. UEBA
  • D. WAF
Suggested Answer: B


4 days, 1 hour ago
I agree with you, it's C; the key word is to identify the user action.
1 week, 4 days ago
I think it is C. The analytics component detects anomalies using a variety of analytics approaches including statistical models, machine learning, rules and threat signatures. More than just tracking events and devices, UEBA uses machine learning to monitor possible threats from insiders. This is done by creating a ‘baseline’: where an end-user logs in from, files and servers they frequently use, privileges they have, frequency and time of access as well as devices used for access. Advanced analytics should be used in tandem with traditional rule and correlation-based analytics available in traditional SIEMs.
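
The baseline idea described in the comment above, as an added example that is not part of the original discussion: a toy UEBA model that learns each user's usual locations, devices, resources and access hours from constructed sample events, then scores new events by how many of those dimensions they break.

```python
# Toy UEBA baseline (added example): learn per-user norms, score deviations.
from collections import defaultdict
from datetime import datetime

# Constructed sample data, not real logs: (user, timestamp, location, device, resource)
HISTORY = [
    ("alice", "2024-03-04T09:12:00", "NYC", "laptop-01", "/finance/reports"),
    ("alice", "2024-03-06T17:05:00", "NYC", "laptop-01", "/finance/budget"),
    ("bob", "2024-03-04T10:00:00", "SFO", "desktop-07", "/eng/repo"),
    ("bob", "2024-03-05T11:30:00", "SFO", "desktop-07", "/eng/repo"),
]
NEW_EVENTS = [
    ("alice", "2024-03-12T10:00:00", "NYC", "laptop-01", "/finance/reports"),
    ("alice", "2024-03-13T02:30:00", "REMOTE-VPN", "phone-99", "/hr/salaries"),
    ("bob", "2024-03-12T10:50:00", "SFO", "desktop-07", "/finance/reports"),
]

def build_baselines(events):
    """Per-user sets of seen locations, devices, resources and access hours."""
    base = defaultdict(lambda: {"locations": set(), "devices": set(),
                                "resources": set(), "hours": set()})
    for user, ts, loc, dev, res in events:
        b = base[user]
        b["locations"].add(loc)
        b["devices"].add(dev)
        b["resources"].add(res)
        b["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(base)

def score_event(baselines, event):
    """Return (score, reasons): one point per baseline dimension the event breaks."""
    user, ts, loc, dev, res = event
    b = baselines.get(user)
    if b is None:  # never-seen user: treat every dimension as a deviation
        return 4, ["no baseline for user"]
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    if loc not in b["locations"]:
        reasons.append(f"new location {loc}")
    if dev not in b["devices"]:
        reasons.append(f"new device {dev}")
    if res not in b["resources"]:
        reasons.append(f"new resource {res}")
    if not min(b["hours"]) <= hour <= max(b["hours"]):
        reasons.append(f"outside usual hours ({hour:02d}:00)")
    return len(reasons), reasons

def flag_anomalies(baselines, events, threshold=2):
    scored = [(e[0], e[1], *score_event(baselines, e)) for e in events]
    return [s for s in scored if s[2] >= threshold]  # one new resource alone does not alert
```

With the constructed data, only alice's 02:30 event from a new location and device touching a new resource crosses the threshold; bob's single new resource during normal hours scores 1 and is not flagged.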
