Certified SOC Analyst (CSA) — Question 4

Which of the following can help you eliminate the burden of investigating false positives?

Answer options

• A. Keeping default rules
• B. Not trusting the security devices
• C. Treating every alert as high level
• D. Ingesting the context data

Correct answer: D

Explanation

Ingesting the context data provides additional information that can help differentiate between genuine threats and false positives, thereby reducing the investigative burden. The other options either maintain the status quo or complicate the alert evaluation process, leading to increased workload without improving accuracy.