[&] What is a key difference in focus between a SOAR and a SIEM?
- SOAR focuses on hardware management while SIEM focuses on software management.
- SOAR focuses on response and automation while SIEM focuses on detection and correlation. -- Correct
- SOAR focuses on detection while SIEM focuses on response.
- SOAR and SIEM have the same focus but differ in scale.

[&] What is the primary function of a SOAR platform?
- To analyze network traffic for anomalies
- To manage firewall settings
- To detect threats through log analysis
- To orchestrate and automate response processes -- Correct

[&] Which of the following is NOT typically automated by a SOAR platform?
- Endpoint isolation
- Alert triage
- System software updates -- Correct
- Alert enrichment

[&] How does orchestration within a SOAR platform benefit security operations?
- It eliminates the need for any human interaction
- It improves communication between internal and external stakeholders
- It provides tools for developing customized detection rules and signatures
- It ensures security tools work collaboratively and efficiently -- Correct

[&] Why is case management an important feature of SOAR platforms?
- It automates threat intelligence integration to improve detection capabilities
- It provides real-time antivirus protection
- It generates compliance reports to meet regulatory requirements
- It centralizes incident information for tracking and collaboration -- Correct