CompTIA Security+ (SY0-601) — Question 96

A recent phishing campaign resulted in several compromised user accounts. The security incident response team has been tasked with reducing the manual labor of filtering through all the phishing emails as they arrive and blocking the sender’s email address, along with other time-consuming mitigation actions. Which of the following can be configured to streamline those tasks?

Answer options

• A. SOAR playbook
• B. MDM policy
• C. Firewall rules
• D. URL filter
• E. SIEM data collection

Correct answer: A

Explanation

The SOAR playbook is designed to automate and streamline incident response processes, making it the ideal choice for handling phishing emails efficiently. The other options, such as MDM policy, firewall rules, URL filters, and SIEM data collection, do not specifically address the automation of handling phishing emails and do not provide the same level of operational efficiency.