CompTIA CySA+ (CS0-003) — Question 264

A security analyst is assisting a software engineer with the development of a custom log collection and alerting tool (SIEM) for a proprietary system. The analyst is concerned that the tool will not detect known attacks and behavioral IoCs. Which of the following should be configured in order to resolve this issue?

Answer options

• A. Randomly generate and store all possible file hash values.
• B. Create a default rule to alert on any change to the system.
• C. Integrate with an open-source threat intelligence feed.
• D. Manually add known threat signatures into the tool.

Correct answer: C

Explanation

The correct answer is C because integrating with an open-source threat intelligence feed allows the tool to stay updated with the latest threat information and known attack patterns, enhancing its detection capabilities. Options A and B do not specifically address the detection of known attacks, while D, although useful, is less efficient than leveraging a comprehensive threat feed that continuously updates threat data.