CompTIA CySA+ (CS0-003) — Question 222

Which of the following is most appropriate to use with SOAR when the security team would like to automate actions across different vendor platforms?

Answer options

• A. STIX/TAXII
• B. APIs
• C. Data enrichment
• D. Threat feed

Correct answer: B

Explanation

APIs (Application Programming Interfaces) are the most suitable choice for integrating and automating actions across different vendor platforms in a SOAR environment, as they facilitate communication between systems. STIX/TAXII, data enrichment, and threat feeds, while useful for threat intelligence and data integration, do not directly enable the automation of actions across multiple platforms like APIs do.