Threat Triage — CompTIA CySA+ (CS0-003) Practice Questions
Threat triage is the process of evaluating and prioritizing incoming alerts or reported events to determine their urgency, scope, and required response, much like medical triage in an emergency setting. On the CySA+ exam, candidates are tested on how to assess indicators of compromise, cross-reference threat intelligence, and assign severity levels so that analyst effort is directed toward the most critical threats first. Effective triage reduces mean time to respond and prevents lower-priority noise from masking genuine high-severity incidents in a busy SOC environment.
Free questions on threat triage
A security team is creating an incident response plan. Which scenario should trigger activation of the full incident response team?
Free question · medium · full answer + explanation