CompTIA CySA+ (CS0-003) — Question 449
Which of the following security operations tasks are ideal for automation?
Answer options
- A. Suspicious file analysis: Look for suspicious-looking graphics in a folder. Create subfolders in the original folder based on the category of graphics found. Move the suspicious graphics to the appropriate subfolder.
- B. Firewall IoC block actions: Examine the firewall logs for IoCs from the most recently published zero-day exploit. Take mitigating actions in the firewall to block the behavior found in the logs. Follow up on any false positives that were caused by the block rules.
- C. Security application user errors: Search the error logs for signs of users having trouble with the security application. Look up the user's phone number. Call the user to help with any questions about using the application.
- D. Email header analysis: Check the email header for a phishing confidence metric greater than or equal to five. Add the domain of the sender to the block list. Move the email to quarantine.
Correct answer: D
Explanation
The correct answer, D, consists entirely of tasks that can be automated with no human judgment: reading a value from the email header, comparing it against a fixed threshold, and taking fixed actions (adding the sender's domain to the block list and quarantining the message) when the threshold is met. Options A and C require subjective judgment and human interaction (deciding what a graphic "looks like", calling a user), making them less suitable for automation. Option B can be partly automated, but it also requires human follow-up on the false positives caused by the block rules, which detracts from its automation potential compared to option D.