CompTIA CySA+ (CS0-003) — Question 270

Which of the following is a circumstance in which a security operations manager would most likely consider using automation?

Answer options

• A. The generation of NIDS rules based on received STIX messages
• B. The fulfillment of privileged access requests to enterprise domain controllers.
• C. The verification of employee identities prior to initial PKI enrollment
• D. The analysis of suspected malware binaries captured by an email gateway

Correct answer: A

Explanation

The correct answer is A because automation can efficiently generate NIDS rules based on STIX messages, which is a repetitive task. Options B, C, and D involve more complex human judgment or are sensitive processes that require careful oversight and cannot be fully automated without risking security or compliance issues.