Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?

As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again.

Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?
A. Creating a playbook within the SOAR
B. Implementing rules in the NGFW
C. Updating the DLP hash database
D. Publishing a new CRL with revoked certificates

Answer: A

Explanation:

Creating a playbook within the Security Orchestration, Automation and Response (SOAR) tool would allow the security analyst to detect if an event is reoccurring by triggering automated actions based on the previous incident’s characteristics. This can help the SOC to respond quickly and effectively to the incident.

References: CompTIA Security+ Study Guide, Exam SY0-601, 4th Edition, Chapter 7: Incident Response, pp. 352-354
