A security team is struggling with alert fatigue, and the Chief Information Security Officer has decided to purchase a SOAR platform to alleviate this issue. Which of the following BEST describes how a SOAR platform will help the security team?
A. SOAR will integrate threat intelligence into the alerts, which will help the security team decide which events should be investigated first.
B. A SOAR platform connects the SOC with the asset database, enabling the security team to make informed decisions immediately based on asset criticality.
C. The security team will be able to use the SOAR framework to integrate the SIEM with a TAXII server, which has an automated intelligence feed that will enhance the alert data.
D. Logic can now be created that will allow the SOAR platform to block specific traffic at the firewall according to predefined event triggers and actions.
Under this link "https://www.sirp.io/blog/how-soar-helps-security-teams-fight-alert-fatigue/", we can find that both A and D options are valid. Well, congrats CompTIA for creating such sophisticated questions.
Hmmm.. I did originally think A, you do make a good point. Automation can technically relieve alert fatigue and allow the analyst to concentrate on other critical issues.
Another time wasting question... D sounds like a better option because it would reduce alerts which seems to be the goal here rather than A which prioritizes alerts.
I see lots of A...as per chat GPT, lol. That would be a valid answer but in the end, you'd still have the same number of alerts, but less stress figuring out which ones to work on.
However, I would go with, if part of the problems "solve themselves" via automation means fewer overall alerts = a happy team lol
SOAR can automatically take action on firewalls based on specified use cases. I work in a SOC for an MSSP and we use SOAR for some of our clients. Answer is D.
SOAR platform can help the security team prioritize alerts by integrating threat intelligence into the alerts. By doing so, the platform can help the security team decide which events should be investigated first, reducing alert fatigue and enabling faster response times to potential threats.
Option D describes how a SOAR platform can create logic to block specific traffic at the firewall, but it is not directly related to addressing alert fatigue.
A SOAR (Security Orchestration, Automation, and Response) platform will help the security team by automating the response to alerts, reducing the time required for manual investigation and response. The platform can perform automated actions based on predefined rules and workflows, reducing the workload of security analysts and improving the efficiency of incident response. This can significantly reduce alert fatigue and enable security teams to focus on more critical tasks. Therefore, option D, which describes the use of logic to block specific traffic at the firewall based on predefined event triggers and actions, is the BEST description of how a SOAR platform will help the security team.
From PaloAlto's website about SOARs:
Integrate security, IT operations and threat intelligence tools.
You can connect all your different security solutions - even tools from different vendors - to achieve a more comprehensive level of data collection and analysis. Security teams can stop juggling a variety of different consoles and tools.
Why D? Where in the question does it say that the fatigue is due to firewall alerts? And also, the firewall thing is not the only capability that a SOAR has. Going with A here.
A SOAR (Security Orchestration, Automation, and Response) platform will help the security team by option A, integrating threat intelligence into the alerts, which will help the security team decide which events should be investigated first.
A SOAR platform is designed to streamline the incident response process by integrating and automating the various security tools used by the security team. One of the key features of a SOAR platform is its ability to integrate threat intelligence feeds into the alerts generated by security tools, such as a SIEM (Security Information and Event Management) system. By integrating threat intelligence into the alerts, a SOAR platform can help the security team to quickly identify which alerts are the most critical and require immediate attention.
Security orchestration, automation, and response (SOAR) refers to a set of services and tools that automate cyberattack prevention and response. This automation is accomplished by unifying your integrations, defining how tasks should be run, and developing an incident response plan that suits your organization’s needs.
A and B don't touch on the benefits of automation.
Option D only addresses incidents involving traffic through the firewall. How about alerts that are just in the internal network?
Issue here is alert fatigue. Integrating threat intelligence can reduce false positives.
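As an added illustration (not part of the question or any commenter's post, and not a vendor's playbook), a minimal triage playbook that does both things the thread argues about: enriching each alert with threat intelligence to rank the analyst queue (option A) and applying a predefined trigger/action that blocks and auto-closes high-confidence hits (option D). The alerts, the intel feed, the firewall, the scoring formula and the block threshold are all constructed assumptions.

```python
# Added example, not from the exam question or any SOAR product.
# Alerts, the threat-intel feed and the "firewall" are constructed in-line.
from dataclasses import dataclass, field

# Constructed threat-intel feed: indicator -> (confidence 0-100, label)
THREAT_INTEL = {
    "203.0.113.7": (95, "known C2"),
    "198.51.100.23": (40, "scanner"),
}
BLOCK_THRESHOLD = 90  # assumed policy: auto-block only very high confidence


@dataclass
class Alert:
    id: str
    src_ip: str
    rule: str
    severity: int          # 1-5 as assigned by the SIEM
    score: int = 0         # filled in by enrich()
    tags: list = field(default_factory=list)
    action: str = "queue"  # "queue" = needs an analyst


def enrich(alert):
    """Option A: attach intel context and compute a priority score."""
    conf, label = THREAT_INTEL.get(alert.src_ip, (0, None))
    if label:
        alert.tags.append(label)
    alert.score = alert.severity * 10 + conf  # assumed scoring formula
    return alert


def respond(alert, firewall):
    """Option D: predefined trigger -> action. High-confidence matches are
    blocked at the firewall and closed; everything else stays in the queue."""
    conf, _ = THREAT_INTEL.get(alert.src_ip, (0, None))
    if conf >= BLOCK_THRESHOLD:
        firewall.add(alert.src_ip)
        alert.action = "blocked+closed"
    return alert


def run_playbook(alerts):
    """Returns the analyst queue (highest score first) and the block list."""
    firewall = set()
    handled = [respond(enrich(a), firewall) for a in alerts]
    queue = [a for a in handled if a.action == "queue"]
    return sorted(queue, key=lambda a: a.score, reverse=True), firewall


SAMPLE_ALERTS = [  # constructed SIEM alerts
    Alert("A1", "203.0.113.7", "beacon", 4),
    Alert("A2", "198.51.100.23", "portscan", 2),
    Alert("A3", "192.0.2.10", "failed-login", 3),
]
```

Running `run_playbook(SAMPLE_ALERTS)` leaves two alerts for an analyst, ordered by score, and one address on the block list; the fatigue reduction comes from both the shorter queue and its ordering.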
Community vote distribution
A (35%)
C (25%)
B (20%)