CompTIA CySA+ (CS0-003) — Question 353

An after-action review of a ransomware attack on a company identified deficiencies in responsiveness and consistency. Which of the following choices would best facilitate improvement of these deficiencies?

Answer options

• A. Leverage a SIEM.
• B. Utilize threat intelligence sharing.
• C. Source multiple threat feeds.
• D. Implement SOAR.

Correct answer: D

Explanation

Implementing SOAR (Security Orchestration, Automation, and Response) can streamline incident response processes, enhancing both responsiveness and consistency in handling security threats. While leveraging a SIEM, utilizing threat intelligence sharing, and sourcing multiple threat feeds are valuable, they do not provide the same level of automation and orchestration that SOAR offers to improve operational efficiency.