CompTIA CySA+ (CS0-003) — Question 36
An analyst recommends that an EDR agent collect the source IP address, make a connection to the firewall, and create a policy to block the malicious source IP address across the entire network automatically. Which of the following is the best option to help the analyst implement this recommendation?
Answer options
- A. SOAR
- B. SIEM
- C. SLA
- D. IoC
Correct answer: A
Explanation
SOAR (Security Orchestration, Automation, and Response) is the best fit because the recommendation is an orchestrated, multi-tool workflow: a playbook takes the source IP from the EDR alert, connects to the firewall through its management API, and pushes a block rule without an analyst in the loop. SIEM (Security Information and Event Management) collects, correlates and alerts on security data; it is often what triggers such a playbook, but it does not by itself act on the firewall. An SLA (Service Level Agreement) defines service expectations and has no bearing here. An IoC (Indicator of Compromise) is evidence of compromise; the malicious IP in this question is itself an IoC, but an indicator is data, not a mechanism for automated blocking. In practice such a playbook should also validate the address before blocking it (reject internal or allow-listed addresses, require a severity threshold, and give automatic blocks an expiry) so that a false positive or a spoofed source address does not take part of the network offline.
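The workflow the question describes, written out as a small SOAR-style playbook. This is an added example, not code from CompTIA or from any SOAR or firewall product: the EDR alert format, the `NEVER_BLOCK` list, the severity threshold, the block TTL and the vendor-neutral policy schema are all assumptions, and the sample alert is constructed (it uses an RFC 5737 documentation address). A real connector would replace the final step with a call to the firewall's management API.

```python
"""
Hypothetical SOAR playbook: EDR alert -> validated source IP -> firewall block policy.
Added example; alert format, playbook API and policy schema are invented for illustration.
"""
import ipaddress
import json
from datetime import datetime, timedelta, timezone

# Constructed EDR alert (RFC 5737 documentation address; not a real detection).
SAMPLE_ALERT = json.dumps({
    "alert_id": "edr-0001",
    "severity": "high",
    "category": "malware_c2",
    "host": "ws-finance-07",
    "network": {"src_ip": "203.0.113.45", "dst_port": 443, "proto": "tcp"},
})

# Addresses an automated playbook must never push to a firewall block list:
# blocking these can cut off the organisation's own hosts. Hypothetical list.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",     # loopback, link-local, "this" net
    "100.64.0.0/10", "224.0.0.0/4", "240.0.0.0/4",    # CGNAT, multicast, reserved
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 loopback, ULA, link-local
)]
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
MIN_AUTO_BLOCK_SEVERITY = "high"   # below this, escalate to an analyst instead of blocking
BLOCK_TTL_HOURS = 24               # automatic blocks expire; an analyst can extend them


def is_blockable(ip_str):
    """Return (ok, reason). Rejects malformed addresses and anything in NEVER_BLOCK."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False, "not a valid IP address"
    for net in NEVER_BLOCK:
        if ip.version == net.version and ip in net:
            return False, f"{ip} is inside protected range {net}"
    return True, "ok"


def build_block_policy(ip_str, alert_id, now=None):
    """Vendor-neutral block rule that a firewall connector would translate (hypothetical schema)."""
    now = now or datetime.now(timezone.utc)
    ip = ipaddress.ip_address(ip_str)
    return {
        "action": "deny",
        "direction": "both",
        "source": f"{ip}/{ip.max_prefixlen}",   # a single host, never a wider prefix
        "comment": f"SOAR auto-block from EDR alert {alert_id}",
        "expires": (now + timedelta(hours=BLOCK_TTL_HOURS)).isoformat(),
    }


def run_playbook(alert_json, existing_blocks=()):
    """Orchestrate the steps in the question: collect the IP, validate it, emit a firewall policy.
    Returns a dict whose 'status' is one of 'blocked', 'skipped' or 'escalated'."""
    alert = json.loads(alert_json)
    ip_str = alert.get("network", {}).get("src_ip")
    sev = alert.get("severity", "low")

    if SEVERITY_RANK.get(sev, 0) < SEVERITY_RANK[MIN_AUTO_BLOCK_SEVERITY]:
        return {"status": "escalated", "reason": f"severity {sev} below auto-block threshold"}
    ok, reason = is_blockable(ip_str)
    if not ok:
        return {"status": "escalated", "reason": reason}
    if ip_str in existing_blocks:
        return {"status": "skipped", "reason": f"{ip_str} already blocked"}
    policy = build_block_policy(ip_str, alert["alert_id"])
    # A real connector would now send `policy` to the firewall's management API.
    return {"status": "blocked", "ip": ip_str, "policy": policy}


if __name__ == "__main__":
    print(json.dumps(run_playbook(SAMPLE_ALERT), indent=2))
```

The three guards (severity threshold, protected ranges, de-duplication) are what separate a safe automated block from one that an attacker can weaponise by spoofing an internal source address; the expiry keeps a mistaken block from becoming permanent.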