CompTIA CySA+ (CS0-003) — Question 68
After a security assessment was done by a third-party consulting firm, the cybersecurity program recommended integrating DLP and CASB to reduce analyst alert fatigue. Which of the following is the best possible outcome that this effort hopes to achieve?
Answer options
- A. SIEM ingestion logs are reduced by 20%.
- B. Phishing alerts drop by 20%.
- C. False positive rates drop to 20%.
- D. The MTTR decreases by 20%.
Correct answer: C
Explanation
The correct answer is C because integrating DLP and CASB aims to improve the accuracy of alerts, thereby reducing the number of false positives. The other options, while relevant to security operations, do not directly address the primary goal of decreasing analyst alert fatigue by minimizing false alerts.