Exam CS0-002 topic 1 question 296 discussion

And this is why I use examtopics, because the quality of these questions from CompTIA is just hilarious.

The option B, using Boolean filters in the SIEM rule, would be the best approach because it allows the analyst to quickly and efficiently filter the vulnerability data based on the desired risk level criteria. By using Boolean filters in the SIEM rule, the analyst can take advantage of real-time processing and RAM to dynamically store and process the data, generating results faster and allowing for easier display and reporting of the results. This approach is faster and more efficient than a static table stored on disk or using the table as a new index or database for the SIEM.

he best approach for assessing the risk level of each vulnerability discovered by the vulnerability assessment tool in a SIEM (Security Information and Event Management) system is to use the table as a new index or database. This approach allows for efficient data storage and retrieval, as well as the ability to use multisearch capabilities within the SIEM.

I work for a SOC and I do the option B very often

The best approach to assess the risk level of each vulnerability that is discovered by the vulnerability assessment tool when creating a rule in the company's SIEM would be to use a static table stored on the disk of the SIEM system to correlate its data with the data ingested by the vulnerability scanner data collector. This approach enables the analyst to combine the vulnerability data with other data sources such as logs, events, or alerts, to identify relevant indicators of compromise (IOCs), and increase the accuracy of the alerts. Using a static table stored on the disk of the SIEM system is also beneficial as it ensures data persistence, and can be easily updated and correlated with new data sources.