312-39 Question #96: Real Exam Question with Answer & Explanation
Correct answer: B. Threat intelligence management tools.
Question
Options
- A. Vulnerability management tools
- B. Threat intelligence management tools
- C. Endpoint detection and response (EDR) tools
- D. Security information and event management (SIEM) solutions
Explanation
When a zero-day is being exploited and no patch exists, the SOC must rapidly consume, curate, and operationalize evolving threat intelligence: new IoCs, attacker infrastructure, exploitation patterns, and defensive guidance. Threat intelligence management tools are purpose-built for this. They aggregate feeds and reports, normalize indicators, score confidence and relevance, de-duplicate noise, enrich with context (campaign, actor, targeting), and push actionable intelligence into detection and response systems. This provides real-time visibility into changes as the threat evolves and enables proactive mitigation such as blocking malicious domains/IPs, updating WAF rules, tuning detections, and prioritizing monitoring on vulnerable assets. Vulnerability management tools are important for exposure tracking, but they provide limited real-time adversary intelligence and cannot resolve a zero-day without patching/mitigation guidance. EDR tools provide endpoint visibility and containment but don’t serve as the intelligence aggregation and distribution layer. SIEM solutions correlate internal telemetry and alert on suspicious behavior, but they rely on intelligence sources and still need a mechanism to manage rapidly changing indicators at scale. Therefore, threat intelligence management tools are crucial for quickly turning external intelligence into actionable defensive updates during a zero-day window.