SY0-701 Question #628: Real Exam Question with Answer & Explanation
The correct answer is A: SOAR.
Question
A security manager wants to reduce the number of steps required to identify and contain basic threats. Which of the following will help achieve this goal?
Options
- A. SOAR
- B. SIEM
- C. DMARC
- D. NIDS
Explanation
SOAR (Security Orchestration, Automation, and Response) is correct because it automates repetitive security workflows - like threat identification and containment - reducing manual steps through playbooks and integrations across security tools. SIEM (B) aggregates and correlates log data to detect threats but does not automate the response steps; it tells you what happened, not what to do about it. DMARC (C) is an email authentication protocol that helps prevent spoofing - it's domain-specific and has nothing to do with general threat containment workflows. NIDS (D) is a Network Intrusion Detection System that passively monitors and alerts on suspicious traffic but cannot take containment action on its own.
Memory tip: Think of the R in SOAR - it stands for Response, which is the action step. SIEM stops at detection; SOAR adds the automation to respond. If the question mentions reducing steps, automation, or playbooks, SOAR is almost always the answer.