Valid CS0-003 Dumps shared by ExamDiscuss.com for Helping Passing CS0-003 Exam! ExamDiscuss.com now offers the newest CS0-003 exam dumps; the ExamDiscuss.com CS0-003 exam questions have been updated and the answers have been corrected. Get the newest ExamDiscuss.com CS0-003 dumps with Test Engine here:
A security analyst is assisting a software engineer with the development of a custom log collection and alerting tool (SIEM) for a proprietary system. The analyst is concerned that the tool will not detect known attacks and behavioral IoCs. Which of the following should be configured in order to resolve this issue?
Correct Answer: C
Comprehensive and Detailed Explanation: To improve the detection of known attacks and behavioral Indicators of Compromise (IoCs), the best approach is to integrate the tool with an open-source threat intelligence feed. Threat intelligence feeds provide up-to-date information on known malicious IPs, domains, file hashes, and behavioral patterns that attackers use, so the SIEM can match incoming log events against indicators it would otherwise have no way of knowing about.
* Option A (randomly generating and storing hash values) is impractical, as there is an infinite number of possible files.
* Option B (alerting on any system change) would lead to excessive noise and false positives, making the system difficult to manage.
* Option D (manually adding signatures) is useful but is neither scalable nor as timely as an external intelligence feed.
Thus, the correct answer is C, as integrating an open-source threat intelligence feed enhances the SIEM's ability to detect and respond to real-world threats.