CompTIA
CS0-003 · Question #533
CS0-003 Question #533: Real Exam Question with Answer & Explanation
The correct answer is A: Government bulletins. Government bulletins are generally the most cost-effective source for automatically ingesting Indicators of Compromise (IoCs) into an EDR tool.
Submitted by takeshi77 · Mar 6, 2026 · Security operations
Question
An analyst would like to start automatically ingesting IoCs into the EDR tool. Which of the following sources would be the most cost effective for the analyst to use?
Options
- A. Government bulletins
- B. Social media
- C. Dark web
- D. Blogs
Explanation
Government bulletins are generally the most cost-effective source for automatically ingesting Indicators of Compromise (IoCs) into an EDR tool.
Common mistakes.
- B. Social media can contain IoCs but often requires significant manual effort for curation, validation, and conversion into an ingestible format, making it less cost-effective for automated, reliable ingestion.
- C. The dark web may contain valuable IoCs, but accessing and processing this information is legally and technically complex, carries significant risks, and is not cost-effective or practical for automated, regular ingestion.
- D. Blogs can provide IoCs, but like social media, they are typically in unstructured formats, requiring manual effort for extraction and validation, which makes them less suitable for cost-effective automated ingestion.
Concept tested. Cost-effective IoC sources
Reference. https://www.cisa.gov/resources-tools/resources/cyber-threat-intelligence
Topics
#IoC ingestion · #EDR · #Threat intelligence sources · #Cost-effectiveness