CompTIA CySA+ (CS0-003) — Question 381
A SOC manager who recently switched companies notices that the new company's SOC analysts have significantly poorer operational metrics than those at the previous company, without any major difference in alert volume or team size. Which of the following are most likely to be the cause? (Choose two.)
Answer options
- A. Use of OSSTMM
- B. Integration of webhooks
- C. Lack of SOAR implementation
- D. Absence of single pane of glass
- E. Morale issues among SOC staff
- F. Usage of API gateways
Correct answer: C, D
Explanation
C and D are correct: without a SOAR implementation and without a centralized dashboard (single pane of glass), incident response is less efficient and visibility is reduced, which degrades operational metrics. The other options, while potentially relevant to SOC operations, do not directly explain the significant difference in performance metrics observed by the manager.