CompTIA CySA+ (CS0-003) — Question 119
Which of the following techniques can help a SOC team to reduce the number of alerts related to the internal security activities that the analysts have to triage?
Answer options
- A. Enrich the SIEM-ingested data to include all data required for triage
- B. Schedule a task to disable alerting when vulnerability scans are executing
- C. Filter all alarms in the SIEM with low severity
- D. Add a SOAR rule to drop irrelevant and duplicated notifications
Correct answer: D
Explanation
The correct answer is D because a SOAR rule that drops irrelevant and duplicated notifications directly reduces the volume of alerts analysts have to triage, streamlining the triage process. Options A, B, and C do not effectively address the core issue of managing alert volume and may even complicate the alerting process instead of simplifying it.