CompTIA SecurityX (CAS-005) — Question 91
A security engineer reviews an after-action report from a previous security breach and notes a long lag time between detection and containment of a compromised account. The engineer suggests using SOAR to address this concern. Which of the following best explains the engineer's goal?
Answer options
- A. To prevent accounts from being compromised
- B. To enable log correlation using machine learning
- C. To orchestrate additional reporting for the security operations center
- D. To prepare runbooks to automate future incident response
Correct answer: D
Explanation
The correct answer is D because creating runbooks is a key function of SOAR: runbooks allow automated responses to incidents, which can significantly reduce the lag time between detection and containment. Options A, B, and C do not directly address the concern of improving response times and automating the containment process.