CompTIA CySA+ (CS0-002) — Question 122
A security team is struggling with alert fatigue, and the Chief Information Security Officer has decided to purchase a SOAR platform to alleviate this issue. Which of the following BEST describes how a SOAR platform will help the security team?
Answer options
- A. SOAR will integrate threat intelligence into the alerts, which will help the security team decide which events should be investigated first.
- B. A SOAR platform connects the SOC with the asset database, enabling the security team to make informed decisions immediately based on asset criticality.
- C. The security team will be able to use the SOAR framework to integrate the SIEM with a TAXII server, which has an automated intelligence feed that will enhance the alert data.
- D. Logic can now be created that will allow the SOAR platform to block specific traffic at the firewall according to predefined event triggers and actions.
Correct answer: D
Explanation
The correct answer is D because a SOAR platform automates the response to specific security events: a predefined trigger (the event) is mapped to a predefined action (such as blocking unwanted traffic at the firewall), so routine alerts are handled without an analyst touching each one. Options A, B, and C describe integrations and enrichment that a SOAR platform can provide, but none of them addresses the automated response, in this case blocking traffic, which is what reduces the manual alert handling behind alert fatigue.