CompTIA CySA+ (CS0-003) — Question 343
An analyst notices that logs contain multiple events for computer account changes during monthly patch maintenance windows, resulting in a flood of tickets. The events generated are from the same system and time frame. The analyst determines that these tickets could be closed without human interaction. Which of the following is the best tool for automatically closing tickets containing the same information?
Answer options
- A. SOAR
- B. EDR
- C. CASB
- D. SIEM
Correct answer: A
Explanation
The correct answer is SOAR (Security Orchestration, Automation and Response), which is designed to automate the handling of security incidents, including ticket resolution. EDR (Endpoint Detection and Response) focuses on detecting and responding to endpoint threats. CASB (Cloud Access Security Broker) secures cloud services. SIEM (Security Information and Event Management) collects and analyzes log data but does not specifically automate ticket closure.