CompTIA CySA+ (CS0-002) — Question 282

A security team implemented a SIEM as part of its security-monitoring program. There is a requirement to integrate a number of sources into the SIEM to provide better context relative to the events being processed. Which of the following BEST describes the result the security team hopes to accomplish by adding these sources?

Answer options

• A. Data enrichment
• B. Continuous integration
• C. Machine learning
• D. Workflow orchestration

Correct answer: A

Explanation

The correct answer is A, Data enrichment, as it refers to the process of enhancing existing data with additional information to provide more context. The other options, such as Continuous integration, Machine learning, and Workflow orchestration, do not specifically address the goal of improving the context of event data within a SIEM.