CAS-002 Question #562: Real Exam Question with Answer & Explanation
The correct answer is A: DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC. A SOC integrates multiple security tools and processes to continuously monitor, detect, and respond to threats across an enterprise environment.
Question
The Chief Information Security Officer (CISO) has just returned from attending a security conference and now wants to implement a Security Operations Center (SOC) to improve and coordinate the detection of unauthorized access to the enterprise. The CISO's biggest concern is the increased number of attacks that the current infrastructure cannot detect. Which of the following is MOST likely to be used in a SOC to address the CISO's concerns?
Options
- A. DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC
- B. Forensics, White box testing, Log correlation, HIDS, and SSO
- C. Vulnerability assessments, NIDP, HIDS, SCAP, Analytics and SIEM
- D. eGRC, WIPS, Federated ID, Network enumerator, NIPS and Port Scanners
Explanation
A SOC integrates multiple security tools and processes to continuously monitor, detect, and respond to threats across an enterprise environment.
Common mistakes.
- B. White box testing is a vulnerability assessment technique and SSO is an identity management control; neither is a real-time SOC detection or monitoring capability.
- C. Vulnerability assessments and SCAP focus on compliance and configuration management of known weaknesses, not on real-time detection and response to active attacks.
- D. Network enumerators and port scanners are offensive reconnaissance tools, not SOC detection components, and Federated ID is an identity management concept unrelated to attack detection.
Concept tested. Security Operations Center component selection
Reference. https://csrc.nist.gov/publications/detail/sp/800-137/final