CompTIA CySA+ (CS0-003) — Question 359
Which of the following explains why a company would consider enriching data before sending it to the SIEM?
Answer options
- A. To prevent injection attacks against the log management system
- B. To reduce the amount and cost of data storage for security incidents
- C. To provide more information to SOC analysts when analyzing events
- D. To normalize the data before saving it to the database tables
Correct answer: C
Explanation
The correct answer is C: enriching data before it reaches the SIEM gives SOC analysts more context and detail, which improves their ability to analyze security events. Options A, B, and D do not describe the primary purpose of enrichment, which is better incident analysis.