CompTIA CySA+ (CS0-002) — Question 229
A security operations manager wants some recommendations for improving security monitoring. The security team currently uses past events to create an IoC list for monitoring. Which of the following is the best suggestion for improving monitoring capabilities?
Answer options
- A. Update the IPS and IDS with the latest rule sets from the provider.
- B. Create an automated script to update the IPS and IDS rule sets.
- C. Use an automated subscription to select threat feeds for IDS.
- D. Implement an automated malware solution on the IPS.
Correct answer: C
Explanation
Option C is correct because an automated subscription to threat feeds lets the IDS receive real-time updates on new threats, which improves its ability to detect and respond to current risks instead of relying only on an IoC list built from past events. Options A and B update rule sets but do not provide ongoing intelligence, and option D proposes a solution that may not directly improve monitoring capabilities.