[&] Why is a SOAR considered essential in SOC operations?
- It acts as a standalone intrusion prevention system
- It reduces response time by automating common tasks -- Correct
- It provides real-time visibility into endpoint activity
- It monitors inbound and outbound network traffic

[&] How do NDR tools complement EDR solutions?
- By aggregating logs from multiple security tools
- By automating common tasks and minimizing manual effort
- By integrating with compliance standards like GDPR and PCI DSS
- By providing network-level visibility to detect threats that bypass endpoint controls -- Correct

[&] What is the role of an IDS/IPS in a SOC?
- To orchestrate incident response playbooks
- To collect and aggregate logs from multiple sources
- To detect (IDS) and block (IPS) network-based attacks -- Correct
- To enable real-time endpoint monitoring

[&] Which tool is primarily focused on automating and orchestrating responses to security incidents?
- SIEM
- EDR
- SOAR -- Correct
- IDS/IPS

[&] What is the primary purpose of a SIEM in a SOC?
- To collect, analyze, and correlate security data from various sources -- Correct
- To enhance threat detection by generating alerts automatically
- To provide endpoint protection through antivirus solutions
- To automate incident response processes

[&] Which feature is NOT typically part of an EDR system?
- Traffic analysis and decryption -- Correct
- Real-time endpoint monitoring
- Forensic capabilities for post-incident investigation
- Threat detection and automated response
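The SIEM question above hinges on the word "correlate": a SIEM normalizes events from different sources into common fields and then applies rules across them, which no single log viewer does. The block below is an added illustration of that idea, not code from the quiz or from any SIEM product. The auth and firewall log formats, IP addresses, the three-failures-in-two-minutes threshold, and the rule name are all constructed for this example.

```python
"""Toy SIEM-style correlation across two log sources.

Added illustration only; the log formats, addresses and thresholds below
are constructed for the example and do not match any real product.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: an SSH auth log and a firewall log, each in its
# own format. Normalizing both into common field names is step one.
AUTH_LOG = """\
2024-05-01T10:00:01Z sshd[1] Failed password for admin from 203.0.113.7
2024-05-01T10:00:03Z sshd[1] Failed password for admin from 203.0.113.7
2024-05-01T10:00:05Z sshd[1] Failed password for admin from 203.0.113.7
2024-05-01T10:00:07Z sshd[1] Failed password for root from 203.0.113.7
2024-05-01T10:00:09Z sshd[1] Accepted password for admin from 203.0.113.7
2024-05-01T10:05:00Z sshd[1] Failed password for bob from 198.51.100.9
2024-05-01T10:30:00Z sshd[1] Accepted password for bob from 198.51.100.9
"""

FW_LOG = """\
2024-05-01T09:59:58Z fw1 action=DENY src=203.0.113.7 dst=10.0.0.5 dport=23
2024-05-01T09:59:59Z fw1 action=ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22
2024-05-01T10:29:59Z fw1 action=ALLOW src=198.51.100.9 dst=10.0.0.5 dport=22
"""

AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\] (Failed|Accepted) password for (\S+) from (\S+)$")
FW_RE = re.compile(r"^(\S+) fw1 action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def normalize(auth_log, fw_log):
    """Turn both raw logs into one time-ordered list of dicts with shared keys."""
    events = []
    for line in auth_log.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            events.append({"ts": parse_time(ts), "source": "auth", "src_ip": src,
                           "user": user,
                           "outcome": "fail" if outcome == "Failed" else "success"})
    for line in fw_log.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, action, src, dst, dport = m.groups()
            events.append({"ts": parse_time(ts), "source": "fw", "src_ip": src,
                           "action": action, "dst_ip": dst, "dport": int(dport)})
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, threshold=3, window=timedelta(minutes=2)):
    """Hypothetical rule: at least `threshold` failed logins from one IP inside
    `window`, then a success from that IP. The firewall log is consulted to
    confirm an allowed connection to port 22 from the same IP in the window,
    which is the cross-source part a SIEM adds over reading auth logs alone."""
    failures = defaultdict(list)
    alerts = []
    for e in events:
        if e["source"] != "auth":
            continue
        ip = e["src_ip"]
        if e["outcome"] == "fail":
            failures[ip].append(e["ts"])
            continue
        recent = [t for t in failures[ip] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            fw_hits = [f for f in events
                       if f["source"] == "fw" and f["src_ip"] == ip
                       and f["action"] == "ALLOW" and f["dport"] == 22
                       and timedelta(0) <= e["ts"] - f["ts"] <= window]
            alerts.append({"rule": "brute_force_then_success", "src_ip": ip,
                           "user": e["user"], "failures": len(recent),
                           "fw_allow_seen": bool(fw_hits)})
        failures[ip] = []   # a success resets the counter for that IP
    return alerts


def run():
    return correlate(normalize(AUTH_LOG, FW_LOG))


if __name__ == "__main__":
    for a in run():
        print(a)
```

Running it raises one alert for 203.0.113.7 (four failures then a success, with a matching firewall ALLOW on port 22) and none for 198.51.100.9, whose single failure falls outside the window; the telnet DENY line is ingested but ignored by this rule. Real SIEM rules differ in syntax and scale, but the shape is the same: normalize, then correlate by a shared field across sources within a time window.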