CompTIA CySA+ (CS0-003) — Question 517

Which of the following is the best metric for an organization to focus on given recent investments in SIEM, SOAR, and a ticketing system?

Answer options

• A. Mean time to detect
• B. Number of exploits by tactic
• C. Alert volume
• D. Quantity of intrusion attempts

Correct answer: A

Explanation

The correct answer is A, Mean time to detect, as it reflects how effectively the organization can identify threats after implementing these systems. While B, C, and D provide useful data, they do not directly measure the organization's ability to respond to incidents, which is crucial following such investments.