Which of the following tools uses machine learning and advanced analytics to detect abnormal patterns of behavior, such as unusual access or actions by employees, and significantly reduces manual effort in breach investigations?
Correct Answer: A
* UEBA (User and Entity Behavior Analytics) uses machine learning and advanced analytics to detect abnormal patterns of behavior, such as unusual access or actions by employees.
* Implementing UEBA automates the analysis of logs and identifies suspicious activities, significantly reducing the manual effort required.
* Option B (HSM) is incorrect because a hardware security module is used for secure key management, not log analysis.
* Option C (HIPS) is incorrect because a host intrusion prevention system focuses on preventing attacks on endpoints rather than log analysis.
* Option D (XDR) extends threat detection and response across multiple domains, but it is broader in scope and does not focus specifically on user behavior analysis.
* Option E (OPSEC training) is valuable for educating employees but does not streamline the breach investigation process.