Exam CS0-003 Topic 1 Question 285 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 285
Topic #: 1
A security analyst is assisting a software engineer with the development of a custom log collection and alerting tool (SIEM) for a proprietary system. The analyst is concerned that the tool will not detect known attacks and behavioral IoCs. Which of the following should be configured in order to resolve this issue?

Suggested Answer: C Vote an answer

To improve the detection of known attacks and behavioral Indicators of Compromise (IoCs), the best approach is to integrate with an open-source threat intelligence feed. Threat intelligence feeds provide up-to-date information on known malicious IPs, domains, file hashes, and behavioral patterns that attackers use.
Option A (randomly generating and storing hash values) is impractical, as there are an infinite number of possible files.
Option B (alerting on any system change) would lead to excessive noise and false positives, making the system difficult to manage.
Option D (manually adding signatures) is useful but is not scalable or as timely as an external intelligence feed.
Thus, the correct answer is C, as integrating an open-source threat intelligence feed enhances the SIEM's ability to detect and respond to real-world threats.

by Matthew at Apr 14, 2026, 09:16 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10