CompTIA Security+ (SY0-601) — Question 777
The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time?
Answer options
- A. Configure a NIDS appliance using a Switched Port Analyzer.
- B. Collect OSINT and catalog the artifacts in a central repository.
- C. Implement a SOAR with customizable playbooks.
- D. Install a SIEM with community-driven threat intelligence.
Correct answer: C
Explanation
The correct answer is C. The cue in the scenario is that the same kind of incident keeps recurring and that analysts are losing time to manual, repetitive tasks. A SOAR (Security Orchestration, Automation, and Response) platform addresses exactly that: customizable playbooks encode the enrichment, triage, and containment steps for a known incident type so they run automatically, or with a single analyst approval, which shortens time to resolution and frees analyst time for the cases that genuinely need judgment. Option A (a NIDS fed from a SPAN port) and option D (a SIEM with community-driven threat intelligence) improve detection and correlation, but the response steps would still be carried out by hand. Option B, collecting OSINT into a central repository, helps with investigation and threat research but automates no part of the response, so it does not address the delay the question describes.
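To make the "customizable playbook" idea concrete, here is a minimal playbook runner added as an illustration. It is not code from the original page or from any SOAR product; the alert fields, the threat-intel set, the internal address ranges, and the action names are all constructed assumptions standing in for real integrations (firewall API, identity provider, ticketing). The point it demonstrates is that the enrichment, triage, and containment steps an analyst would otherwise perform by hand for every recurring alert are encoded once per alert type and then run without manual effort, while an alert with no playbook is routed to a human rather than guessed at.

```python
"""Minimal SOAR-style playbook runner (added example, not vendor code).

Assumptions (not from the original page): an alert is a dict carrying
'type', 'src_ip', and 'user' (plus 'failed_logins' for brute-force alerts).
The response functions record the action a real integration would be
asked to perform instead of calling one.
"""
from dataclasses import dataclass, field
import ipaddress

# Constructed sample data standing in for a threat-intel feed and the
# organisation's internal address space.
KNOWN_BAD_IPS = {"203.0.113.45", "198.51.100.7"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


@dataclass
class Case:
    """Working record for one alert as it moves through a playbook."""
    alert: dict
    enrichment: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)
    severity: str = "low"


def enrich(case: Case) -> Case:
    """Enrichment step: is the source internal? is it on a block list?"""
    addr = ipaddress.ip_address(case.alert["src_ip"])
    case.enrichment["internal"] = any(addr in net for net in INTERNAL_NETS)
    case.enrichment["known_bad"] = case.alert["src_ip"] in KNOWN_BAD_IPS
    return case


def triage(case: Case) -> Case:
    """Triage step: assign severity from the enriched facts."""
    alert, facts = case.alert, case.enrichment
    if facts["known_bad"] and not facts["internal"]:
        case.severity = "high"
    elif alert["type"] == "brute_force" and alert.get("failed_logins", 0) >= 50:
        case.severity = "medium"
    return case


def respond(case: Case) -> Case:
    """Containment step: the actions an analyst would otherwise do by hand.

    An external known-bad source is blocked at the edge; an internal source
    is never blocked by IP (that could cut off a shared host), so the
    targeted account is disabled instead. Low-severity cases are closed
    without analyst time.
    """
    if case.severity == "high":
        case.actions.append(f"block_ip:{case.alert['src_ip']}")
        case.actions.append("open_ticket:P1")
    elif case.severity == "medium":
        case.actions.append(f"disable_user:{case.alert['user']}")
        case.actions.append("open_ticket:P2")
    else:
        case.actions.append("close_as_informational")
    return case


# Customizable playbooks: each alert type maps to an ordered list of steps.
# Adding or reordering a step for one alert type does not touch the others.
PLAYBOOKS = {
    "brute_force": [enrich, triage, respond],
    "malware_beacon": [enrich, triage, respond],
}


def run_playbook(alert: dict) -> Case:
    """Run the playbook registered for the alert type, or escalate."""
    case = Case(alert=alert)
    steps = PLAYBOOKS.get(alert["type"])
    if steps is None:
        # Unknown incident type: hand it to an analyst rather than guess.
        case.actions.append("escalate_to_analyst")
        return case
    for step in steps:
        case = step(case)
    return case


if __name__ == "__main__":
    # Constructed sample alerts of the kind the question describes.
    for sample in [
        {"type": "malware_beacon", "src_ip": "203.0.113.45", "user": "alice"},
        {"type": "brute_force", "src_ip": "10.1.2.3", "user": "bob", "failed_logins": 120},
        {"type": "brute_force", "src_ip": "192.168.1.9", "user": "carol", "failed_logins": 3},
        {"type": "phishing", "src_ip": "198.51.100.7", "user": "dave"},
    ]:
        result = run_playbook(sample)
        print(sample["type"], result.severity, result.actions)
```

In a real deployment the three step functions would wrap the platform's connectors, and a playbook for a high-severity path would usually insert an approval gate before the block action. The structure is what matters for the question: once the steps exist as a playbook, each recurrence of the incident costs seconds instead of an analyst's afternoon.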