CompTIA CySA+ (CS0-003) — Question 176

An organization has a critical financial application hosted online that does not allow event logging to send to the corporate SIEM. Which of the following is the best option for the security analyst to configure to improve the efficiency of security operations?

Answer options

• A. Configure a new SIEM specific to the management of the hosted environment.
• B. Subscribe to a threat feed related to the vendor's application.
• C. Use a vendor-provided API to automate pulling the logs in real time.
• D. Download and manually import the logs outside of business hours.

Correct answer: C

Explanation

The correct answer is C because using a vendor-provided API allows for real-time log retrieval, which enhances security monitoring efficiency. Option A may not be effective if the new SIEM cannot access the necessary logs, while B does not address the logging issue directly, and D is inefficient as it relies on manual processes that can lead to delays in security response.