SOAR (Security Orchestration, Automation, and Response) is designed to automate repetitive security tasks, orchestrate workflows, and reduce manual effort in identifying and containing threats. CompTIA Security+ SY0-701 describes SOAR as an advanced tool that integrates with SIEM, EDR, firewalls, and ticketing systems to automate detection, enrichment, and response actions.
By using SOAR playbooks, security teams can automate:
Initial threat triage
Log correlation
Host isolation
Indicator lookups
Ticket creation and escalation
This significantly reduces the number of manual steps an analyst must perform, achieving the manager’s goal of streamlining threat-handling procedures.
A SIEM (B) centralizes logs and alerts but still requires manual investigation unless paired with SOAR. DMARC (C) protects email domains from spoofing but does not automate threat response. NIDS (D) detects threats on the network but does not automate containment.
SOAR’s ability to automate identification and response makes A the correct answer.