CompTIA SecurityX (CAS-005) — Question 266
An organization has noticed an increase in phishing campaigns utilizing typosquatting. A security analyst needs to enrich the data for commonly used domains against the domains used in phishing campaigns. The analyst uses a log forwarder to forward network logs to the SIEM. Which of the following would allow the security analyst to perform this analysis?
Answer options
- A. Use a cron job to regularly update and compare domains.
- B. Create a parser that matches domains.
- C. Develop a query that filters out all matching domain names.
- D. Implement a dashboard on the SIEM that shows the percentage of traffic by domain.
Correct answer: B
Explanation
The correct answer is B because a parser that extracts domain names from the forwarded network logs and matches them against the list of commonly used domains gives the analyst a systematic way to identify and analyze the domains used in the phishing campaigns, which is the enrichment the question asks for. Options A and C do not directly provide that matching and enrichment, and option D only visualizes traffic by domain rather than parsing and comparing domain information.