CompTIA CySA+ (CS0-003) — Question 218
A newly hired security manager in a SOC wants to improve efficiency by automating routine tasks. Which of the following SOC tasks is most suitable for automation?
Answer options
- A. Conducting security assessments and audits of IT systems
- B. Investigating security incidents and determining the root causes
- C. Reviewing logs and alerts to identify security threats and anomalies
- D. Generating incident reports and notifying the appropriate stakeholders
Correct answer: C
Explanation
Option C is the most appropriate for automation because log analysis and alert monitoring can be repetitive and time-consuming, which makes them ideal for automated solutions. In contrast, options A and B depend on the critical thinking and human judgment that assessments and investigations require, while option D also requires human intervention for effective communication with stakeholders.