CompTIA CySA+ (CS0-002) — Question 106

A security engineer is reviewing security products that identify malicious actions by users as part of a company's insider threat program Which of the following is the MOST appropriate product category for this purpose?

Answer options

• A. SCAP
• B. SOAR
• C. UEBA
• D. WAF

Correct answer: C

Explanation

The most suitable product category for identifying malicious user actions is UEBA (User and Entity Behavior Analytics), as it focuses on analyzing user behavior to detect anomalies. SCAP, SOAR, and WAF serve different purposes, such as compliance, automation, and web application protection, respectively, and are not specifically designed for insider threat detection.