CompTIA CySA+ (CS0-003) — Question 101

The Chief Information Security Officer for an organization recently received approval to install a new EDR solution. Following the installation, the number of alerts that require remediation by an analyst has tripled. Which of the following should the organization utilize to best centralize the workload for the internal security team? (Choose two.)

Answer options

Correct answer: A, B

Explanation

SOAR (Security Orchestration, Automation and Response) automates repetitive triage and response steps through playbooks, so routine EDR alerts can be enriched, deduplicated and closed without an analyst handling each one. SIEM (Security Information and Event Management) aggregates alerts and logs from the EDR and other sources into a single console, giving the team one place to correlate and work them. Together the two centralize the alert workload and cut the share of it that needs manual remediation. The other options do not address that need: an MSP moves the work to a third party rather than centralizing it for the internal team, an NGFW and DLP are controls that generate alerts rather than manage them, and XDR broadens detection and telemetry across endpoint, network and cloud rather than organizing the analyst queue.
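To make the SIEM-plus-SOAR answer concrete, here is an added example (not part of the CySA+ question or its explanation): a toy playbook that normalizes vendor EDR alerts into a common schema (the SIEM step), collapses duplicates per host and file hash inside a time window, and then auto-closes low-severity alerts on a known-good hash while escalating high-severity ones (the SOAR step), so only the remainder reaches an analyst. The alert records, the field names, the allowlist and the 15-minute window are all constructed assumptions, not any real product's format.

```python
"""Added example: SIEM-style normalization plus a SOAR-style triage playbook.
All alert data and field names below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts in a hypothetical EDR export format.
EDR_ALERTS = [
    {"id": "a1", "ts": "2024-05-01T10:00:00", "host": "ws-01", "severity": "low",
     "sha256": "aaa", "process": "updater.exe"},
    {"id": "a2", "ts": "2024-05-01T10:00:30", "host": "ws-01", "severity": "low",
     "sha256": "aaa", "process": "updater.exe"},   # repeat of a1 inside the window
    {"id": "a3", "ts": "2024-05-01T10:05:00", "host": "ws-02", "severity": "high",
     "sha256": "bbb", "process": "mimikatz.exe"},
    {"id": "a4", "ts": "2024-05-01T11:30:00", "host": "ws-01", "severity": "low",
     "sha256": "aaa", "process": "updater.exe"},   # same host/hash, outside the window
    {"id": "a5", "ts": "2024-05-01T10:06:00", "host": "ws-03", "severity": "medium",
     "sha256": "ccc", "process": "powershell.exe"},
]

# Hypothetical allowlist of known-good file hashes, as a SIEM lookup table might hold.
KNOWN_GOOD = {"aaa"}
DEDUP_WINDOW = timedelta(minutes=15)


def normalize(raw):
    """SIEM step: map vendor-specific fields into one common schema."""
    return {
        "source": "edr",
        "alert_id": raw["id"],
        "time": datetime.fromisoformat(raw["ts"]),
        "host": raw["host"],
        "severity": raw["severity"],
        "file_hash": raw["sha256"],
        "process": raw["process"],
    }


def deduplicate(events, window=DEDUP_WINDOW):
    """Collapse repeated (host, hash) alerts within the window into one case.

    The window is anchored at the first kept alert, so a repeat arriving
    after the window opens a new case rather than being silently dropped."""
    events = sorted(events, key=lambda e: e["time"])
    first_seen = {}
    kept = []
    for e in events:
        key = (e["host"], e["file_hash"])
        if key in first_seen and e["time"] - first_seen[key] <= window:
            continue
        first_seen[key] = e["time"]
        kept.append(e)
    return kept


def triage(event):
    """SOAR step: decide automatically wherever an analyst is not needed."""
    if event["severity"] == "low" and event["file_hash"] in KNOWN_GOOD:
        return "auto_closed"          # documented, no human action
    if event["severity"] == "high":
        return "escalated"            # e.g. open a ticket and page on-call
    return "analyst_queue"            # everything else waits for a person


def run_playbook(raw_alerts):
    """Normalize, deduplicate and triage; returns alert IDs grouped by outcome."""
    cases = deduplicate([normalize(a) for a in raw_alerts])
    outcome = defaultdict(list)
    for e in cases:
        outcome[triage(e)].append(e["alert_id"])
    return dict(outcome)


if __name__ == "__main__":
    for bucket, ids in run_playbook(EDR_ALERTS).items():
        print(f"{bucket}: {ids}")
```

Of the five raw alerts, one is dropped as a duplicate and two are closed automatically, so the analyst sees one escalation and one queued item instead of five. In practice the allowlist would live in the SIEM and the escalation branch would call the ticketing or endpoint isolation API, but the shape of the workload reduction is the same.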