CS0-003 Question #568: Real Exam Question with Answer & Explanation
The correct answer is A: Integrate a SOAR platform.
Question
The architecture team has been given a mandate to reduce the triage time of phishing incidents by 20%. Which of the following solutions will most likely help with this effort?
Options
- A. Integrate a SOAR platform.
- B. Increase the budget to the security awareness program.
- C. Implement an EDR tool.
- D. Install a button in the mail clients to report phishing.
Explanation
SOAR for Phishing Triage Reduction
Integrating a SOAR (Security Orchestration, Automation, and Response) platform directly addresses the goal of reducing triage time because it automates repetitive investigation steps - such as URL detonation, header analysis, and indicator lookups - that analysts would otherwise perform manually, dramatically accelerating the phishing response workflow.
Why the distractors are wrong:
- B (Security awareness program): Increasing this budget helps prevent phishing clicks but does nothing to speed up the triage process once an incident is reported.
- C (EDR tool): EDR focuses on endpoint detection and response for malware/threats on devices, not on streamlining the phishing investigation pipeline.
- D (Phishing report button): This improves reporting volume and ease, but doesn't reduce the time analysts spend triaging each reported email - it may actually increase their workload.
Memory Tip: Think of SOAR as the "assembly line" of security operations - it takes manual, repetitive triage tasks and automates them into a fast, consistent workflow. Whenever a question asks about reducing time or increasing efficiency in incident response, SOAR is almost always the answer.