Certified SOC Analyst (CSA) — Question 82

Which of the following stage executed after identifying the required event sources?

Answer options

• A. Identifying the monitoring Requirements
• B. Defining Rule for the Use Case
• C. Implementing and Testing the Use Case
• D. Validating the event source against monitoring requirement

Correct answer: D

Explanation

The correct answer, D, is the next logical phase where the identified event sources are checked to ensure they meet the monitoring requirements. Options A, B, and C are earlier stages in the process and do not follow the identification of event sources.